#35930: Database password visible on debug page in local variable
-------------------------------------+-------------------------------------
Reporter: bytej4ck | Owner: Baha
| Sdtbekov
Type: Bug | Status: closed
Component: Error reporting | Version: dev
Severity: Normal | Resolution: needsinfo
Keywords: db, password, | Triage Stage:
exposed | Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by Natalia Bidart):
* resolution: => needsinfo
* status: assigned => closed
* version: => dev
Comment:
Thank you Jacob for the extra details, though I'm not being able to
reproduce. Making `connect` fail does not help me get a traceback at
runtime, it only prevents the development server to run.
Can someone please provide, ideally, a regression test? Or at least a code
snippet for a view to make this more easily reproducible.
Side note: if we eventually accept this ticket, I think it should include
some audit of other potential places where the connection params could be
used and not marked as sensitive.
--
Ticket URL: <https://code.djangoproject.com/ticket/35930#comment:6>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion visit
https://groups.google.com/d/msgid/django-updates/0107019369594b40-f8458307-ba40-4187-8fd9-7c41eeaac177-000000%40eu-central-1.amazonses.com.
