This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author georg.brandl
Recipients Bithin.A, georg.brandl, loewis
Date 2012-01-13.20:39:32
SpamBayes Score 1.0783544e-07
Marked as misclassified No
Message-id <1326487173.31.0.155471858538.issue13737@psf.upfronthosting.co.za>
In-reply-to
Content
While the actual code may be accessible to everyone, the server configuration (paths etc. -- just look at the page; at least the session secret key and passwords are masked by Django) are not, and exposing that can be a security problem as well.  And while I agree that this possibility appears remote, just look at the current discussion about hashing attacks.  Running in debug mode also simply looks bad to just about every web programmer, which explains this bug report.

Lastly, setting DEBUG to true also has other consequences, like the possibility to "leak" memory for long-running processes, as explained here: https://docs.djangoproject.com/en/1.3/faq/models/
History
Date User Action Args
2012-01-13 20:39:33georg.brandlsetrecipients: + georg.brandl, loewis, Bithin.A
2012-01-13 20:39:33georg.brandlsetmessageid: <1326487173.31.0.155471858538.issue13737@psf.upfronthosting.co.za>
2012-01-13 20:39:32georg.brandllinkissue13737 messages
2012-01-13 20:39:32georg.brandlcreate