summaryrefslogtreecommitdiff
path: root/docs
diff options
context:
space:
mode:
authorJacob Kaplan-Moss <jacob@jacobian.org>2007-02-26 21:22:21 +0000
committerJacob Kaplan-Moss <jacob@jacobian.org>2007-02-26 21:22:21 +0000
commit702273d77b8dce3d16af60c958756c6e501be401 (patch)
tree80ba8e6fbaa944044273cf857a1dab9b0abb0e39 /docs
parente7fb31624a4803c579f78a63a8407bbc037915d7 (diff)
Fixed #3195: added a note in settings.txt about DEBUG and HIDDEN_SETTINGS. Thanks, cmgreen@uab.edu
git-svn-id: http://code.djangoproject.com/svn/django/trunk@4620 bcc190cf-cafb-0310-a4f2-bffc1f526a37
Diffstat (limited to 'docs')
-rw-r--r--docs/settings.txt10
1 files changed, 10 insertions, 0 deletions
diff --git a/docs/settings.txt b/docs/settings.txt
index 67860a085e..04795ca54b 100644
--- a/docs/settings.txt
+++ b/docs/settings.txt
@@ -332,6 +332,16 @@ Default: ``False``
A boolean that turns on/off debug mode.
+If you define custom settings, django/views/debug.py has a ``HIDDEN_SETTINGS``
+regular expression which will hide from the DEBUG view anything that contins
+``'SECRET``, ``PASSWORD``, or ``PROFANITIES'``. This allows untrusted users to
+be able to give backtraces without seeing sensitive (or offensive) settings.
+
+Still, note that there are always going to be sections of your debug output that
+are inapporpriate for public consumption. File paths, configuration options, and
+the like all give attackers extra information about your server. Never deploy a
+site with ``DEBUG`` turned on.
+
DEFAULT_CHARSET
---------------