Sometimes when a Django site's authentication backend goes down, a login will fail with a 500 error. This has happened to me when using an LDAP backend for authentication. A glitch with the settings, or ldap temporarily disappearing can make logins flake out for a short period of time.
That's fine, but when a 500 error occurs it e-mails detailed information about the error to the ADMINS. We like this behavior for most errors, but it is quite frustrating when it is a login form with a password as part of a POST. If it is one of us who gets our password e-mailed out, it's even more frustrating. It hits a mailing list first, and goes to the archives to be stored in plain text. It goes to several e-mail inboxes, some of which are not local inboxes.
I decided that enough was enough. Drop this middleware in, and it will change a "password" field in the POST to twenty asterisks. This was the default way to display other sensitive settings on the DEBUG page, so I figured I'd be consistant with that.
This snippet is distributed under the GPLv3 License http://www.gnu.org/licenses/gpl-3.0-standalone.html
1 2 3 4 5 6 7 8 9 10 11 12
import sys from django.core.handlers.base import BaseHandler class NoPasswordExceptionMiddleware(): def process_exception(self, request, exception): if 'password' in request.POST.keys(): post = request.POST.copy() post['password']='********************' request.POST = post b=BaseHandler() exc_info = sys.exc_info() b.handle_uncaught_exception(request,exception,exc_info)
More like this
- Browser-native date input field by kytta 1 month, 1 week ago
- Generate and render HTML Table by LLyaudet 1 month, 2 weeks ago
- My firs Snippets by GutemaG 1 month, 3 weeks ago
- FileField having auto upload_to path by junaidmgithub 2 months, 4 weeks ago
- LazyPrimaryKeyRelatedField by LLyaudet 3 months ago