Fixed #3195: added a note in settings.txt about DEBUG and HIDDEN_SETTINGS. Thanks, cmgreen@uab.edu

git-svn-id: http://code.djangoproject.com/svn/django/trunk@4620 bcc190cf-cafb-0310-a4f2-bffc1f526a37
Jacob Kaplan-Moss 2007-02-26 21:22:21 +00:00
parent e7fb31624a
commit 702273d77b
1 changed files with 10 additions and 0 deletions

@ -332,6 +332,16 @@ Default: ``False``
A boolean that turns on/off debug mode.
If you define custom settings, django/views/debug.py has a ``HIDDEN_SETTINGS``
regular expression which will hide from the DEBUG view anything that contins
``'SECRET``, ``PASSWORD``, or ``PROFANITIES'``. This allows untrusted users to
be able to give backtraces without seeing sensitive (or offensive) settings.
Still, note that there are always going to be sections of your debug output that
are inapporpriate for public consumption. File paths, configuration options, and
the like all give attackers extra information about your server. Never deploy a
site with ``DEBUG`` turned on.
DEFAULT_CHARSET
---------------
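Review bot: The added note has two typos and a quoting slip that will render oddly: "contins" should be "contains", "inapporpriate" should be "inappropriate", and in ``'SECRET``, ``PASSWORD``, or ``PROFANITIES'`` the apostrophes sit inside the first and last literals, so they should be dropped or each name quoted on its own. The first paragraph also does not say whether ``HIDDEN_SETTINGS`` is matched against a setting's name or its value. Someone defining custom settings needs that to know how to name a setting so it is hidden, so state it explicitly. "This allows untrusted users to be able to give backtraces" could be tightened to "This allows untrusted users to provide backtraces". The closing "Never deploy a site with ``DEBUG`` turned on" is the key point and might be better placed ahead of the ``HIDDEN_SETTINGS`` detail so readers do not take the filter as sufficient protection.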