Hi, I was playing around with ldap/AD integration and got this errorreport mailed to our NOC-Group (see below) - this mail leaks my username/password in cleartext. I think this should really be avoided for any case happening! I don't have a clue about django but a quick search showed me this: https://docs.djangoproject.com/en/dev/howto/error-reporting/ Especially interesting might be this part: ... Filtering sensitive information <https://docs.djangoproject.com/en/dev/howto/error-reporting/#filtering-sens itive-information> Error reports are really helpful for debugging errors, so it is generally useful to record as much relevant information about those errors as possible. For example, by default Django records the full traceback <http://en.wikipedia.org/wiki/Stack_trace> for the exception raised, each traceback frame <http://en.wikipedia.org/wiki/Stack_frame> ¹s local variables, and the HttpRequest <https://docs.djangoproject.com/en/dev/ref/request-response/#django.http.Htt pRequest> ¹s attributes <https://docs.djangoproject.com/en/dev/ref/request-response/#httprequest-att ributes> . However, sometimes certain types of information may be too sensitive and thus may not be appropriate to be kept track of, for example a user¹s password or credit card number. So Django offers a set of function decorators to help you control which information should be filtered out of error reports in a production environment (that is, where DEBUG <https://docs.djangoproject.com/en/dev/ref/settings/#std:setting-DEBUG> is set to False): sensitive_variables() <https://docs.djangoproject.com/en/dev/howto/error-reporting/#django.views.d ecorators.debug.sensitive_variables> and sensitive_post_parameters() <https://docs.djangoproject.com/en/dev/howto/error-reporting/#django.views.d ecorators.debug.sensitive_post_parameters> . ... I wonder if than can be integrated for NAV or if there is another way to get around exposure like that? Mischa Original mail we became for django error: ---- Traceback (most recent call last): File "/usr/lib/python2.7/dist-packages/django/core/handlers/base.py", line 111, in get_response response = callback(request, *callback_args, **callback_kwargs) File "/usr/lib/pymodules/python2.7/nav/web/webfront/views.py", line 89, in login return do_login(request) File "/usr/lib/pymodules/python2.7/nav/web/webfront/views.py", line 122, in do_login account = auth.authenticate(username, password) File "/usr/lib/pymodules/python2.7/nav/web/auth.py", line 95, in authenticate auth = ldapauth.authenticate(username, password) File "/usr/lib/pymodules/python2.7/nav/web/ldapauth.py", line 120, in authenticate lconn = open_ldap() File "/usr/lib/pymodules/python2.7/nav/web/ldapauth.py", line 76, in open_ldap server = _config.get('ldap', 'server') File "/usr/lib/python2.7/ConfigParser.py", line 618, in get raise NoOptionError(option, section) NoOptionError: No option 'server' in section: 'ldap' <WSGIRequest path:/index/login/, GET:<QueryDict: {}>, POST:<QueryDict: {u'origin': [u''], u'username': [u'diehm-adm'], u'password': [u'godDamnitDjango']}>, COOKIES:{'sessionid': 'd660941ae6b821799dbb47ed41d47009'}, META:{'CONTENT_LENGTH': '52', 'CONTENT_TYPE': 'application/x-www-form-urlencoded', 'DOCUMENT_ROOT': '/usr/share/nav/htdocs', 'GATEWAY_INTERFACE': 'CGI/1.1', 'HTTPS': '1', 'HTTP_ACCEPT': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8', 'HTTP_ACCEPT_ENCODING': 'gzip, deflate', 'HTTP_ACCEPT_LANGUAGE': 'de,en-us;q=0.7,en;q=0.3', 'HTTP_CONNECTION': 'keep-alive', 'HTTP_COOKIE': 'sessionid=d660941ae6b821799dbb47ed41d47009', 'HTTP_DNT': '1', 'HTTP_HOST': 'urz-nav-pet.urz.unibas.ch', 'HTTP_REFERER': 'https://urz-nav-pet.urz.unibas.ch/index/login/', 'HTTP_USER_AGENT': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:28.0) Gecko/20100101 Firefox/28.0', 'PATH_INFO': u'/index/login/', 'PATH_TRANSLATED': '/usr/share/pyshared/nav/wsgi.py/index/login/', 'QUERY_STRING': '', 'REMOTE_ADDR': '131.152.2.16', 'REMOTE_PORT': '59503', 'REQUEST_METHOD': 'POST', 'REQUEST_URI': '/index/login/', 'SCRIPT_FILENAME': '/usr/share/pyshared/nav/wsgi.py', 'SCRIPT_NAME': u'', 'SERVER_ADDR': '131.152.2.216', 'SERVER_ADMIN': 'webmaster@localhost', 'SERVER_NAME': 'urz-nav-pet.urz.unibas.ch', 'SERVER_PORT': '443', 'SERVER_PROTOCOL': 'HTTP/1.1', 'SERVER_SIGNATURE': '<address>Apache/2.2.22 (Debian) Server at urz-nav-pet.urz.unibas.ch Port 443</address>\n', 'SERVER_SOFTWARE': 'Apache/2.2.22 (Debian)', 'SSL_TLS_SNI': 'urz-nav-pet.urz.unibas.ch', 'mod_wsgi.application_group': 'urz-nav-pet.urz.unibas.ch|', 'mod_wsgi.callable_object': 'application', 'mod_wsgi.handler_script': '', 'mod_wsgi.input_chunked': '0', 'mod_wsgi.listener_host': '', 'mod_wsgi.listener_port': '443', 'mod_wsgi.process_group': 'NAV', 'mod_wsgi.request_handler': 'wsgi-script', 'mod_wsgi.script_reloading': '1', 'mod_wsgi.version': (3, 3), 'wsgi.errors': <mod_wsgi.Log object at 0x7fa322859430>, 'wsgi.file_wrapper': <built-in method file_wrapper of mod_wsgi.Adapter object at 0x7fa3228655d0>, 'wsgi.input': <mod_wsgi.Input object at 0x7fa3210d6eb0>, 'wsgi.multiprocess': True, 'wsgi.multithread': True, 'wsgi.run_once': False, 'wsgi.url_scheme': 'https', 'wsgi.version': (1, 1)}> -- Mischa Diehm | Network Operations Center (NOC) UniBasel | UniRechenZentrum (URZ) Klingebergstr. 70 | CH-4056 Basel Tel. +41 61 267 1574 | http://urz.unibas.ch