diff options
| author | Daniele Procida <daniele@vurt.org> | 2021-06-27 10:55:06 +0200 |
|---|---|---|
| committer | Mariusz Felisiak <felisiak.mariusz@gmail.com> | 2021-06-28 11:46:37 +0200 |
| commit | d79be3ed39b76d3e34431873eec16f6dd354ab17 (patch) | |
| tree | 819a76c2c37d1d259b3a2a40f43afe648436e66e /docs | |
| parent | f5ea9aa2f32c7ca9a1fdf793580fddba3daae1b9 (diff) | |
Refs #32880 -- Rearranged logging security notes.
Expanded security notes and moved them under a new explanation heading
of their own for future reference and expansion.
Removed specific reference to Sentry since there are multiple
third-party services that fulfill that role.
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/topics/logging.txt | 48 |
1 files changed, 37 insertions, 11 deletions
diff --git a/docs/topics/logging.txt b/docs/topics/logging.txt index 5c0be8950b..b458d0c982 100644 --- a/docs/topics/logging.txt +++ b/docs/topics/logging.txt @@ -702,15 +702,8 @@ Python logging module. } }, - Note that this HTML version of the email contains a full traceback, - with names and values of local variables at each level of the stack, plus - the values of your Django settings. This information is potentially very - sensitive, and you may not want to send it over email. Consider using - something such as `Sentry`_ to get the best of both worlds -- the - rich information of full tracebacks plus the security of *not* sending the - information over email. You may also explicitly designate certain - sensitive information to be filtered out of error reports -- learn more on - :ref:`Filtering error reports<filtering-error-reports>`. + Be aware of the :ref:`security implications of logging + <logging-security-implications>` when using the ``AdminEmailHandler``. By setting the ``email_backend`` argument of ``AdminEmailHandler``, the :ref:`email backend <topic-email-backends>` that is being used by the @@ -747,8 +740,6 @@ Python logging module. subclass the :class:`~django.utils.log.AdminEmailHandler` class and override this method. -.. _Sentry: https://pypi.org/project/sentry/ - Filters ------- @@ -848,3 +839,38 @@ above. See also :ref:`Configuring logging <configuring-logging>` to learn how you can complement or replace this default logging configuration defined in :source:`django/utils/log.py`. + +.. _logging-security-implications: + +Security implications +===================== + +The logging system handles potentially sensitive information. For example, the +log record may contain information about a web request or a stack trace, while +some of the data you collect in your own loggers may also have security +implications. You need to be sure you know: + +* what information is collected +* where it will subsequently be stored +* how it will be transferred +* who might have access to it. + +To help control the collection of sensitive information, you can explicitly +designate certain sensitive information to be filtered out of error reports -- +read more about how to :ref:`filter error reports <filtering-error-reports>`. + +``AdminEmailHandler`` +--------------------- + +The built-in :class:`AdminEmailHandler` deserves a mention in the context of +security. If its ``include_html`` option is enabled, the email message it sends +will contain a full traceback, with names and values of local variables at each +level of the stack, plus the values of your Django settings (in other words, +the same level of detail that is exposed in a web page when :setting:`DEBUG` is +``True``). + +It's generally not considered a good idea to send such potentially sensitive +information over email. Consider instead using one of the many third-party +services to which detailed logs can be sent to get the best of multiple worlds +-- the rich information of full tracebacks, clear management of who is notified +and has access to the information, and so on. |
