On Wed, Apr 22, 2015 at 3:05 PM, Tim Graham <[email protected]> wrote:
> I have some concerns from a security standpoint. For example, some exception
> messages are definitely not meant to be displayed to end users and may leak
> server implementation details. For example:

This is saying you can't have a gun because you might shoot yourself in the foot, but then how do you shoot the bear?

The error handler is under the developer's control, so what they choose to do with the exception is their business. The default implementation need not show anything more than is currently available, but it could be replaced with something that does what the developer needs, and it would be their responsibility that they keep their toes, so to speak.

Cheers

Tom

--
You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/CAFHbX1J-uiNoP9OuHqX3ekPj77k%3DmbEbWsevRnakmYevBQu5EQ%40mail.gmail.com.
