./manage.py settings
71 views
Skip to first unread message
1337 Shadow Hacker
Jun 11, 2020, 11:09:53 PM6/11/20
to Django developers (Contributions to Django itself)
Hi all,
So, just on #django IRC channel there was a user trying to help another one, asking for some settings through ./manage.py shell etc ... A discussion that went kind of like "Print out your settings" "How would I print, I tried that, I'm in settings.py" "With ... print()" "but in the shell, __file__ is not defined" and so on, and 20 minutes later the user couldn't print his settings and left.
TBH I'm pretty fine because the users I support are on projects where I added djcli to the requirements, so I can always ask the to do the djcli setting command to print out a setting. It's very useful useful to me, I think Django should a command to dump runtime settings because that should make the life easier of Django users trying to support newbies in their own projects, where they don't have installed a custom command, it's pretty cheap to make and maintain and should save quite some frustration from both sides of the story.
What do you think ?
Ion Scerbatiuc
Jun 11, 2020, 11:54:02 PM6/11/20
to django-d...@googlegroups.com
I've always used `diffsettings` to print my settings for debugging purposes, and `diffsettings` combined with `| grep` to filter down to specific settings options. Was this option discussed in the IRC thread?
Best,
Ion
--
You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-develop...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/X2HkH0yasxu2XVxBuVkbTfdSHctL7y3pW9seQ8CHFcVOpmsiyN80JlDYH2g5F6IfPvEdN4zyG6vuxj2HEMJaXUSErMUM5IT70iLvkxsrc7U%3D%40protonmail.com.
1337 Shadow Hacker
Jun 12, 2020, 5:58:46 AM6/12/20
to django-d...@googlegroups.com
It wasn't discussed indeed, nice command, thank you !
René Fleschenberg
Jun 12, 2020, 7:52:19 AM6/12/20
to django-d...@googlegroups.com
Hi,
Just a thought that came to my mind: It would be useful to have a
command that dumps the run-time settings, but automatically replaces
secrets with dummy values.
I think this should not be too hard to do for Django's own secret
settings, and maybe it can also be done for some known common third
party settings (AWS_SECRET_ACCESS_KEY, for example).
Even better would be to have a standardized way of marking settings as
secret, though I am not sure if this is feasible.
Regards,
René
On 6/12/20 5:09 AM, '1337 Shadow Hacker' via Django developers
--
René Fleschenberg
Rosastrasse 53, 45130 Essen, Germany
Phone: +49 1577 170 7363
https://fleschenberg.net
E-mail: re...@fleschenberg.net
Just a thought that came to my mind: It would be useful to have a
command that dumps the run-time settings, but automatically replaces
secrets with dummy values.
I think this should not be too hard to do for Django's own secret
settings, and maybe it can also be done for some known common third
party settings (AWS_SECRET_ACCESS_KEY, for example).
Even better would be to have a standardized way of marking settings as
secret, though I am not sure if this is feasible.
Regards,
René
On 6/12/20 5:09 AM, '1337 Shadow Hacker' via Django developers
> --
> You received this message because you are subscribed to the Google
> Groups "Django developers (Contributions to Django itself)" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to django-develop...@googlegroups.com
> <mailto:django-develop...@googlegroups.com>.
> You received this message because you are subscribed to the Google
> Groups "Django developers (Contributions to Django itself)" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to django-develop...@googlegroups.com
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-developers/X2HkH0yasxu2XVxBuVkbTfdSHctL7y3pW9seQ8CHFcVOpmsiyN80JlDYH2g5F6IfPvEdN4zyG6vuxj2HEMJaXUSErMUM5IT70iLvkxsrc7U%3D%40protonmail.com
> <https://groups.google.com/d/msgid/django-developers/X2HkH0yasxu2XVxBuVkbTfdSHctL7y3pW9seQ8CHFcVOpmsiyN80JlDYH2g5F6IfPvEdN4zyG6vuxj2HEMJaXUSErMUM5IT70iLvkxsrc7U%3D%40protonmail.com?utm_medium=email&utm_source=footer>.
> https://groups.google.com/d/msgid/django-developers/X2HkH0yasxu2XVxBuVkbTfdSHctL7y3pW9seQ8CHFcVOpmsiyN80JlDYH2g5F6IfPvEdN4zyG6vuxj2HEMJaXUSErMUM5IT70iLvkxsrc7U%3D%40protonmail.com
--
René Fleschenberg
Rosastrasse 53, 45130 Essen, Germany
Phone: +49 1577 170 7363
https://fleschenberg.net
E-mail: re...@fleschenberg.net
Jure Erznožnik
Jun 12, 2020, 7:59:45 AM6/12/20
to django-d...@googlegroups.com
There was a GSoC
proposal this year for a SecretsManager that could
conceivably make what you suggest possible. Wasn't accepted
though.
Not sure if it's a security issue with beginners that require help setting up settings.py though. Should be easy enough to just paste the file (modified) somewhere.
LP,
Jure
Aymeric Augustin
Jun 13, 2020, 5:46:57 AM6/13/20
to django-d...@googlegroups.com
Django already attempt to mask security-sensitive settings in the debug page.
It would make sense to do the same by default for the output of diffsetting: obfuscate secrets.
A --include-secrets flag (on any other name) would show the secrets.
--
Aymeric.
To unsubscribe from this group and stop receiving emails from it, send an email to django-develop...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/4370f935-9d2d-283d-3156-14c878fc1c93%40gmail.com.
Reply all
Reply to author
Forward
0 new messages