For PyCon we have our crash messages go to a mailman group so that people working on the site would be aware of issues. This saved us many times. But sensitive information would some times come up such as login passwords and fields we did not want going on the list.
the solution was to mask these POST fields when an exception occurs and is being handled. This is simple drop-in code which will mask the values of POST arguments which contain keywords (such as 'password', 'protected', and 'private').
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 | from django.core import signals
from django.dispatch import dispatcher
## Case Sensitive!!!
MASK_IN_EXCEPTION_EMAIL= ['password', 'protected', 'private' ]
def clean_request_for_exception(signal=None, sender=None, request=None):
masked = False
if not request or not request.POST: return False
mutable = request.POST._mutable
request.POST._mutable = True
for name in request.POST:
for mask in MASK_IN_EXCEPTION_EMAIL:
if mask in name:
request.POST[name]=u'xxHIDDENxx'
masked=True
break
request.POST._mutable = mutable
return masked
dispatcher.connect(clean_request_for_exception,
signal=signals.got_request_exception)
|
More like this
- Form field with fixed value by roam 15 hours, 10 minutes ago
- New Snippet! by Antoliny0919 1 week ago
- Add Toggle Switch Widget to Django Forms by OgliariNatan 2 months, 3 weeks ago
- get_object_or_none by azwdevops 6 months, 2 weeks ago
- Mask sensitive data from logger by agusmakmun 8 months, 1 week ago
Comments
Please login first before commenting.