[Django] #35930: Database password visible on debug page (view source only)

Django
Nov 22, 2024, 8:33:28 AM
to django-...@googlegroups.com
#35930: Database password visible on debug page (view source only)
-------------------------------------+-------------------------------------
Reporter: bytej4ck                   | Type: Uncategorized
Status: new                          | Component: Uncategorized
Version: 4.1                         | Severity: Normal
Keywords: db, password, exposed      | Triage Stage: Unreviewed
Has patch: 0                         | Needs documentation: 0
Needs tests: 0                       | Patch needs improvement: 0
Easy pickings: 0                     | UI/UX: 0
-------------------------------------+-------------------------------------
In the debug page view, secrets are not visible because they are masked
with '*', but in the page source view the db password is visible:
[[Image(https://github.com/user-attachments/assets/a7504c2e-99b4-4268-8eab-1858742105ec)]]

Password length: 99
Characters: All password requirements including all symbols.
--
Ticket URL: <https://code.djangoproject.com/ticket/35930>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

Django
Nov 22, 2024, 8:34:08 AM
to django-...@googlegroups.com
#35930: Database password visible on debug page (view source only)
-------------------------------------+-------------------------------------
Reporter: bytej4ck                   | Owner: (none)
Type: Uncategorized                  | Status: new
Component: Uncategorized             | Version: 4.1
Severity: Normal                     | Resolution:
Keywords: db, password, exposed      | Triage Stage: Unreviewed
Has patch: 0                         | Needs documentation: 0
Needs tests: 0                       | Patch needs improvement: 0
Easy pickings: 0                     | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by bytej4ck):

* Attachment "2024-11-22_21-17.png" added.

Django
Nov 22, 2024, 4:33:35 PM
to django-...@googlegroups.com
#35930: Database password visible on debug page (view source only)
-------------------------------------+-------------------------------------
Reporter: bytej4ck                   | Owner: (none)
Type: Bug                            | Status: closed
Component: Error reporting           | Version: 4.1
Severity: Normal                     | Resolution: needsinfo
Keywords: db, password, exposed      | Triage Stage: Unreviewed
Has patch: 0                         | Needs documentation: 0
Needs tests: 0                       | Patch needs improvement: 0
Easy pickings: 0                     | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by Tim Graham):

* component: Uncategorized => Error reporting
* resolution: => needsinfo
* status: new => closed
* type: Uncategorized => Bug

Comment:

It's unclear how to reproduce the problem. Please reopen if you can
provide a minimal example.
--
Ticket URL: <https://code.djangoproject.com/ticket/35930#comment:1>