Handling Sensitive Variables
Sensitive variables are variables that hold information such as passwords, usernames, etc. To keep this information from showing up in the error report, we can use the sensitive_variables decorator from the django.views.decorators.debug module.
Example:
```python
from django.views.decorators.debug import sensitive_variables


# Mask the values of these three local variables in the error report
@sensitive_variables('password', 'acc', 'name')
def fun(user):
    password = user.password
    acc = user.account_no
    name = user.name
```
We can also hide all local variables from the error report by calling the sensitive_variables decorator without any arguments.
Example:
```python
from django.views.decorators.debug import sensitive_variables


# No arguments: mask the values of all local variables in the error report
@sensitive_variables()
def fun(user):
    password = user.password
    acc = user.account_no
    name = user.name
```
Protecting sensitive information while deploying Django project
A Django project holds a lot of sensitive information: values in settings.py, local variables containing sensitive data, and POST requests made through forms. When deploying a Django project we always have to make sure this information is protected, especially in repositories that are publicly available. When a project is deployed with DEBUG=True and without handling all possible test cases, finding loopholes becomes a piece of cake for hackers, so users' data may be exposed if the importance of protecting sensitive information in the settings.py file is neglected. In many cases the problem arises from sensitive information being exposed, mainly in public repositories.
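One way to keep the sensitive values out of a publicly available settings.py is to read them from the process environment and refuse to start when they are missing. This is an added example, not code from the original article; the DJANGO_* environment variable names, the helper names and the sample values are assumptions.

```python
import os


class SettingsError(RuntimeError):
    """Raised when a required deployment setting is missing or malformed."""


def require_secret(environ, name):
    """Return a secret from the environment; refuse to start without it."""
    value = environ.get(name, "").strip()
    if not value:
        raise SettingsError(f"{name} is not set")
    return value


def parse_debug(environ, name="DJANGO_DEBUG"):
    """DEBUG stays off unless explicitly enabled; unknown values are rejected."""
    raw = environ.get(name, "false").strip().lower()
    if raw in ("1", "true", "yes", "on"):
        return True
    if raw in ("0", "false", "no", "off", ""):
        return False
    raise SettingsError(f"{name} has unrecognised value {raw!r}")


def load_settings(environ=os.environ):
    """Build the sensitive part of settings.py from the environment."""
    return {
        "DEBUG": parse_debug(environ),
        "SECRET_KEY": require_secret(environ, "DJANGO_SECRET_KEY"),
        "DATABASES": {
            "default": {
                "ENGINE": "django.db.backends.postgresql",
                "NAME": environ.get("DJANGO_DB_NAME", "app"),
                "USER": environ.get("DJANGO_DB_USER", "app"),
                "PASSWORD": require_secret(environ, "DJANGO_DB_PASSWORD"),
            }
        },
    }


# Constructed sample environment standing in for the real deployment's.
SAMPLE_ENV = {
    "DJANGO_SECRET_KEY": "constructed-sample-key",
    "DJANGO_DB_PASSWORD": "constructed-sample-password",
}

if __name__ == "__main__":
    print(load_settings(SAMPLE_ENV)["DEBUG"])
```

In settings.py the returned values would be assigned to the module-level names DEBUG, SECRET_KEY and DATABASES, so the file committed to the repository contains no secret itself.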