Login

Mask sensitive POST fields in error e-mails

Author:
derivin
Posted:
March 9, 2008
Language:
Python
Version:
.96
Score:
1 (after 1 ratings)

For PyCon we have our crash messages go to a mailman group so that people working on the site would be aware of issues. This saved us many times. But sensitive information would some times come up such as login passwords and fields we did not want going on the list.

the solution was to mask these POST fields when an exception occurs and is being handled. This is simple drop-in code which will mask the values of POST arguments which contain keywords (such as 'password', 'protected', and 'private').

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
from django.core import signals
from django.dispatch import dispatcher

## Case Sensitive!!!
MASK_IN_EXCEPTION_EMAIL= ['password', 'protected', 'private' ]

def clean_request_for_exception(signal=None, sender=None, request=None):
    masked = False
    if not request or not request.POST: return False
    mutable = request.POST._mutable
    request.POST._mutable = True
    for name in request.POST:
        for mask in MASK_IN_EXCEPTION_EMAIL:
            if mask in name:
                request.POST[name]=u'xxHIDDENxx'
                masked=True
                break
    request.POST._mutable = mutable
    return masked

dispatcher.connect(clean_request_for_exception,
                   signal=signals.got_request_exception)

More like this

  1. Template tag - list punctuation for a list of items by shapiromatron 2 months ago
  2. JSONRequestMiddleware adds a .json() method to your HttpRequests by cdcarter 2 months, 1 week ago
  3. Serializer factory with Django Rest Framework by julio 9 months, 1 week ago
  4. Image compression before saving the new model / work with JPG, PNG by Schleidens 9 months, 4 weeks ago
  5. Help text hyperlinks by sa2812 10 months, 3 weeks ago

Comments

Please login first before commenting.