using sensitive_post_parameters to hide password in email report
18 views
Skip to first unread message
John DeAngelis
Jun 19, 2017, 5:48:12 PM6/19/17
to Django users
Hello,
If I mangle the CSRF token in the Django login form, and then try to login, I get a:
HTTP 403 CSRF verification failed. Request aborted
which is expected.
This then will generate an email that is sent to the admins but the email contains the password from the login form in clear text which I do not want.
I assumed that sensitive_post_params() would hide the password in POST in the email report but it did not.
Is there a way to hide the password in the email report?
Thank you,
John
If I mangle the CSRF token in the Django login form, and then try to login, I get a:
HTTP 403 CSRF verification failed. Request aborted
which is expected.
This then will generate an email that is sent to the admins but the email contains the password from the login form in clear text which I do not want.
I assumed that sensitive_post_params() would hide the password in POST in the email report but it did not.
Is there a way to hide the password in the email report?
Thank you,
John
Reply all
Reply to author
Forward
0 new messages