On Wed, Apr 22, 2015 at 3:05 PM, Tim Graham <timogra...@gmail.com> wrote:
> I have some concerns from a security standpoint. For example, some exception
> messages are definitely not meant to be displayed to end users and may leak
> server implementation details. For example:

This is saying you can't have a gun because you might shoot yourself in the foot, but then how do you shoot the bear?

The error handler is under the developers' control, so what they choose to do with the exception is their business. The default implementation need not show anything more than is currently available, but it could be replaced with something that does what the developer needs, and it would be their responsibility that they keep their toes, so to speak.

Cheers

Tom