mirror of https://github.com/django/django.git
Refs #32880 -- Rearranged logging security notes.
Expanded security notes and moved them under a new explanation heading of their own for future reference and expansion. Removed specific reference to Sentry since there are multiple third-party services that fulfill that role.
This commit is contained in:
Daniele Procida
Mariusz Felisiak
parent
f5ea9aa2f3
commit
d79be3ed39
|
|
@ -702,15 +702,8 @@ Python logging module.
|
|||
}
|
||||
},
|
||||
|
||||
Note that this HTML version of the email contains a full traceback,
|
||||
with names and values of local variables at each level of the stack, plus
|
||||
the values of your Django settings. This information is potentially very
|
||||
sensitive, and you may not want to send it over email. Consider using
|
||||
something such as `Sentry`_ to get the best of both worlds -- the
|
||||
rich information of full tracebacks plus the security of *not* sending the
|
||||
information over email. You may also explicitly designate certain
|
||||
sensitive information to be filtered out of error reports -- learn more on
|
||||
:ref:`Filtering error reports<filtering-error-reports>`.
|
||||
Be aware of the :ref:`security implications of logging
|
||||
<logging-security-implications>` when using the ``AdminEmailHandler``.
|
||||
|
||||
By setting the ``email_backend`` argument of ``AdminEmailHandler``, the
|
||||
:ref:`email backend <topic-email-backends>` that is being used by the
|
||||
|
|
@ -747,8 +740,6 @@ Python logging module.
|
|||
subclass the :class:`~django.utils.log.AdminEmailHandler` class and
|
||||
override this method.
|
||||
|
||||
.. _Sentry: https://pypi.org/project/sentry/
|
||||
|
||||
Filters
|
||||
-------
|
||||
|
||||
|
|
@ -848,3 +839,38 @@ above.
|
|||
See also :ref:`Configuring logging <configuring-logging>` to learn how you can
|
||||
complement or replace this default logging configuration defined in
|
||||
:source:`django/utils/log.py`.
|
||||
|
||||
.. _logging-security-implications:
|
||||
|
||||
Security implications
|
||||
=====================
|
||||
|
||||
The logging system handles potentially sensitive information. For example, the
|
||||
log record may contain information about a web request or a stack trace, while
|
||||
some of the data you collect in your own loggers may also have security
|
||||
implications. You need to be sure you know:
|
||||
|
||||
* what information is collected
|
||||
* where it will subsequently be stored
|
||||
* how it will be transferred
|
||||
* who might have access to it.
|
||||
|
||||
To help control the collection of sensitive information, you can explicitly
|
||||
designate certain sensitive information to be filtered out of error reports --
|
||||
read more about how to :ref:`filter error reports <filtering-error-reports>`.
|
||||
|
||||
``AdminEmailHandler``
|
||||
---------------------
|
||||
|
||||
The built-in :class:`AdminEmailHandler` deserves a mention in the context of
|
||||
security. If its ``include_html`` option is enabled, the email message it sends
|
||||
will contain a full traceback, with names and values of local variables at each
|
||||
level of the stack, plus the values of your Django settings (in other words,
|
||||
the same level of detail that is exposed in a web page when :setting:`DEBUG` is
|
||||
``True``).
|
||||
|
||||
It's generally not considered a good idea to send such potentially sensitive
|
||||
information over email. Consider instead using one of the many third-party
|
||||
services to which detailed logs can be sent to get the best of multiple worlds
|
||||
-- the rich information of full tracebacks, clear management of who is notified
|
||||
and has access to the information, and so on.
|
||||
|
|
|
|||
Loading…
Reference in New Issue