Handling POST Parameters
Let’s suppose one of the POST requests contains sensitive information like password, account number, credit card number, etc. We will also want to avoid this information showing in the error report. Django provides sensitive_post_parameters decorator to handle this from the django.views.decorators.debug module.
Example:
Python3
from django.views.decorators.debug import sensitive_post_parameters@sensitive_post_parameters('name', 'password', 'acc')def fun(request): name = request.POST['name'] password = request.POST['password'] acc = request.POST['account_no'] |
We can also hide all the post parameters by not providing any argument to the sensitive_post_parameters decorator.
Example:
Python3
from django.views.decorators.debug import sensitive_post_parameters@sensitive_post_parameters()def fun(request): name = request.POST['name'] password = request.POST['password'] acc = request.POST['account_no'] |
Protecting sensitive information while deploying Django project
There will be a lot of sensitive information in our Django project resided in the settings.py, or local variables containing sensitive information or the POST request made using forms. So while deploying a Django project we always have to make sure they are protected especially the repositories that are publicly available. When a project is deployed without handling all possible test cases and with DEBUG=True then it makes the job of finding loopholes a piece of cake for hackers. So the user’s data may get exposed by neglecting the importance of protecting sensitive information in the settings.py file. There are many cases where there may occur a problem by exposing sensitive information mainly in the public repositories.
Contact Us