No Password E-mail

Author:
jefferya
Posted:
February 15, 2009
Language:
Python
Version:
1.0
Tags:
middleware password exception
Score:
0 (after 0 ratings)

Sometimes when a Django site's authentication backend goes down, a login will fail with a 500 error. This has happened to me when using an LDAP backend for authentication. A glitch with the settings, or LDAP temporarily disappearing, can make logins flake out for a short period of time.

That's fine, but when a 500 error occurs it e-mails detailed information about the error to the ADMINS. We like this behavior for most errors, but it is quite frustrating when it is a login form with a password as part of a POST. If it is one of us who gets our password e-mailed out, it's even more frustrating. It hits a mailing list first, and goes to the archives to be stored in plain text. It goes to several e-mail inboxes, some of which are not local inboxes.

I decided that enough was enough. Drop this middleware in, and it will change a "password" field in the POST to twenty asterisks. This was the default way to display other sensitive settings on the DEBUG page, so I figured I'd be consistent with that.

This snippet is distributed under the GPLv3 License http://www.gnu.org/licenses/gpl-3.0-standalone.html

class NoPasswordExceptionMiddleware(object):
    def process_exception(self, request, exception):
        # Only touch requests that actually carry a password field.
        if 'password' in request.POST:
            # request.POST is immutable, so work on a mutable copy.
            post = request.POST.copy()
            post['password'] = '********************'
            request.POST = post
        # Return None so Django's own exception handling runs next and
        # builds the error e-mail from the request, which now carries
        # the masked POST.
        return None
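
The middleware above masks only a field named exactly "password", so forms that use names such as old_password or new_password1 would still reach the error e-mail in clear text. The following is an added example, not part of the original snippet, that generalizes the same masking to any field whose name matches a pattern and to repeated parameters; the names mask_post, MaskSensitivePostMiddleware and the SENSITIVE pattern are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qs

MASK = "*" * 20  # same twenty-asterisk mask the snippet uses

# Assumption: a field is sensitive if its name contains one of these
# substrings (this also catches old_password, new_password1, csrf tokens).
SENSITIVE = re.compile(r"pass|secret|token|api_?key", re.IGNORECASE)


def mask_post(fields):
    """Return a copy of a {name: [values]} mapping with sensitive values masked.

    Every value of a multi-valued field is masked, so a repeated
    "password" parameter cannot slip through in second position.
    """
    return {
        name: [MASK] * len(values) if SENSITIVE.search(name) else list(values)
        for name, values in fields.items()
    }


class MaskSensitivePostMiddleware(object):
    """Old-style middleware using the same process_exception hook."""

    def process_exception(self, request, exception):
        post = request.POST.copy()  # mutable copy of the QueryDict
        for name, values in mask_post(dict(post.lists())).items():
            post.setlist(name, values)
        request.POST = post
        return None  # let Django's normal error handling continue


# Constructed sample: the body of a failed password-change POST.
SAMPLE_BODY = (
    "username=alice&old_password=hunter2"
    "&new_password1=s3cret&new_password2=s3cret&next=%2Fhome%2F"
)


def demo():
    """Mask the constructed sample body and return the result."""
    return mask_post(parse_qs(SAMPLE_BODY))


if __name__ == "__main__":
    for name, values in sorted(demo().items()):
        print(name, values)
```
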
