Hello,
If I mangle the CSRF token in the Django login form, and then try to login, I get a:
HTTP 403 CSRF verification failed. Request aborted
which is expected.
This then will generate an email that is sent to the admins but the email contains the password from the login form in clear text which I do not want.
I assumed that sensitive_post_params() would hide the password in POST in the email report but it did not.
Is there a way to hide the password in the email report?
Thank you,
John
-- If I mangle the CSRF token in the Django login form, and then try to login, I get a:
HTTP 403 CSRF verification failed. Request aborted
which is expected.
This then will generate an email that is sent to the admins but the email contains the password from the login form in clear text which I do not want.
I assumed that sensitive_post_params() would hide the password in POST in the email report but it did not.
Is there a way to hide the password in the email report?
Thank you,
John
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/d91577fa-491e-4028-8a63-1894bf193d89%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
No comments:
Post a Comment