#35930: Database password visible on debug page in local variable
-------------------------------------+-------------------------------------
Reporter: bytej4ck | Owner: Baha
| Sdtbekov
Type: Bug | Status: new
Component: Error reporting | Version: dev
Severity: Normal | Resolution:
Keywords: db, password, | Triage Stage:
exposed | Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Comment (by Baha Sdtbekov):
I think there's a deeper problem here.
We can have a lot of cases where we can leak classified data.
For example, using salted_hmac from crypto
If we specify wrong algorithm we can leak the secret key of django, I
understand that this is because of wrong usage but I would like to hide
them or not show them at all.
Because leaked data in production is a big loss.
--
Ticket URL: <https://code.djangoproject.com/ticket/35930#comment:9>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion visit
https://groups.google.com/d/msgid/django-updates/0107019373cc9018-8f7266ec-7701-4944-9b80-c58d36b5a819-000000%40eu-central-1.amazonses.com.
