Fixed #3195: added a note in settings.txt about DEBUG and HIDDEN_SETTINGS. Thanks, cmgreen@uab.edu
git-svn-id: http://code.djangoproject.com/svn/django/trunk@4620 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
parent
e7fb31624a
commit
702273d77b
|
@ -332,6 +332,16 @@ Default: ``False``
|
||||||
|
|
||||||
A boolean that turns on/off debug mode.
|
A boolean that turns on/off debug mode.
|
||||||
|
|
||||||
|
If you define custom settings, django/views/debug.py has a ``HIDDEN_SETTINGS``
|
||||||
|
regular expression which will hide from the DEBUG view anything that contins
|
||||||
|
``'SECRET``, ``PASSWORD``, or ``PROFANITIES'``. This allows untrusted users to
|
||||||
|
be able to give backtraces without seeing sensitive (or offensive) settings.
|
||||||
|
|
||||||
|
Still, note that there are always going to be sections of your debug output that
|
||||||
|
are inapporpriate for public consumption. File paths, configuration options, and
|
||||||
|
the like all give attackers extra information about your server. Never deploy a
|
||||||
|
site with ``DEBUG`` turned on.
|
||||||
|
|
||||||
DEFAULT_CHARSET
|
DEFAULT_CHARSET
|
||||||
---------------
|
---------------
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue