Django snippets

Log in or register

• Snippets
• About

1 2 3 4 5 6 7 8 9 10 11 12

import sys from django.core.handlers.base import BaseHandler class NoPasswordExceptionMiddleware(): def process_exception(self, request, exception): if 'password' in request.POST.keys(): post = request.POST.copy() post['password']='********************' request.POST = post b=BaseHandler() exc_info = sys.exc_info() b.handle_uncaught_exception(request,exception,exc_info)

Sometimes when a Django site's authentication backend goes down, a login will fail with a 500 error. This has happened to me when using an LDAP backend for authentication. A glitch with the settings, or ldap temporarily disappearing can make logins flake out for a short period of time.

That's fine, but when a 500 error occurs it e-mails detailed information about the error to the ADMINS. We like this behavior for most errors, but it is quite frustrating when it is a login form with a password as part of a POST. If it is one of us who gets our password e-mailed out, it's even more frustrating. It hits a mailing list first, and goes to the archives to be stored in plain text. It goes to several e-mail inboxes, some of which are not local inboxes.

I decided that enough was enough. Drop this middleware in, and it will change a "password" field in the POST to twenty asterisks. This was the default way to display other sensitive settings on the DEBUG page, so I figured I'd be consistant with that.

This snippet is distributed under the GPLv3 License http://www.gnu.org/licenses/gpl-3.0-standalone.html

Author:

jefferya

Posted:

February 15, 2009

Language:

Python

Tags:

exception middleware password

Score:

None (after 0 ratings)

Tools

• Download this snippet
• Comment on this snippet