Fixed #3195: added a note in settings.txt about DEBUG and HIDDEN_SETTINGS. Thanks, cmgreen@uab.edu

git-svn-id: http://code.djangoproject.com/svn/django/trunk@4620 bcc190cf-cafb-0310-a4f2-bffc1f526a37
commit 702273d77b8dce3d16af60c958756c6e501be401 1 parent e7fb316
Jacob Kaplan-Moss authored

Showing 1 changed file with 10 additions and 0 deletions.

10  docs/settings.txt
@@ -332,6 +332,16 @@ Default: ``False``
332 332
 
333 333
 A boolean that turns on/off debug mode.
334 334
 
  335
+If you define custom settings, django/views/debug.py has a ``HIDDEN_SETTINGS``
  336
+regular expression which will hide from the DEBUG view anything that contins
  337
+``'SECRET``, ``PASSWORD``, or ``PROFANITIES'``. This allows untrusted users to
  338
+be able to give backtraces without seeing sensitive (or offensive) settings.
  339
+
  340
+Still, note that there are always going to be sections of your debug output that
  341
+are inapporpriate for public consumption. File paths, configuration options, and
  342
+the like all give attackers extra information about your server. Never deploy a
  343
+site with ``DEBUG`` turned on.
  344
+
335 345
 DEFAULT_CHARSET
336 346
 ---------------
337 347
 
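
Review bot: The literal markup in added line 337 is mismatched: ``'SECRET`` opens with a stray single quote and ``PROFANITIES'`` closes with one, so the quotes will render as if they were part of the names; write ``SECRET``, ``PASSWORD``, or ``PROFANITIES``. Two typos in the added text also need fixing: "contins" (line 336) should be "contains" and "inapporpriate" (line 341) should be "inappropriate". The first paragraph says the regular expression hides "anything that contains" those strings without saying whether it is matched against a setting's name or its value; state that explicitly, since someone defining custom settings needs to know how to name a secret so that it is filtered. The phrase "allows untrusted users to be able to give backtraces" can be tightened to "lets untrusted users provide backtraces".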
