Fixed #3195: added a note in settings.txt about DEBUG and HIDDEN_SETTINGS. Thanks,

git-svn-id: bcc190cf-cafb-0310-a4f2-bffc1f526a37
jacobian committed Feb 26, 2007
1 parent e7fb316 commit 702273d77b8dce3d16af60c958756c6e501be401
Showing with 10 additions and 0 deletions.
  1. +10 −0 docs/settings.txt
@@ -332,6 +332,16 @@ Default: ``False``
A boolean that turns on/off debug mode.
+If you define custom settings, django/views/ has a ``HIDDEN_SETTINGS``
+regular expression which will hide from the DEBUG view anything that contins
+``'SECRET``, ``PASSWORD``, or ``PROFANITIES'``. This allows untrusted users to
+be able to give backtraces without seeing sensitive (or offensive) settings.
+Still, note that there are always going to be sections of your debug output that
+are inapporpriate for public consumption. File paths, configuration options, and
+the like all give attackers extra information about your server. Never deploy a
+site with ``DEBUG`` turned on.
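Review bot: the added paragraph has two typos and a malformed literal list. "contins" should be "contains", "inapporpriate" should be "inappropriate", and the list ``'SECRET``, ``PASSWORD``, or ``PROFANITIES'`` has stray single quotes inside its first and last literals; write ``SECRET``, ``PASSWORD``, or ``PROFANITIES``. The reference "django/views/" names a directory rather than the module that defines ``HIDDEN_SETTINGS``, so give the full module path so readers can find the expression. It would also help to state outright that a custom setting whose name contains none of these three substrings is shown in full on the debug page, so readers know to name sensitive settings accordingly. Finally, "allows untrusted users to be able to give backtraces" can be tightened to "lets untrusted users provide backtraces".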
