Rename database arguments variable for better security.

Jyrki Launonen · japsu · commit 84a7214883f9 · 2013-06-30T13:11:43.000+03:00
diff --git a/README b/README
@@ -68,7 +68,7 @@ AUTHENTICATION_BACKENDS = (
 )
 
 PHPBB_AUTH_DB_MODULE = "psycopg2"
-PHPBB_AUTH_DB_PARAMS = {
+PHPBB_AUTH_DB_KEYS = {
     "user": "",
     "password": "",
     "database": "",
diff --git a/examples/hammertime/settings.py.dist b/examples/hammertime/settings.py.dist
@@ -88,7 +88,7 @@ AUTHENTICATION_BACKENDS = (
 )
 
 PHPBB_AUTH_DB_MODULE = "psycopg2"
-PHPBB_AUTH_DB_PARAMS = {
+PHPBB_AUTH_DB_KEYS = {
     "user": "",
     "password": "",
     "database": "",
diff --git a/phpbb/auth/backends.py b/phpbb/auth/backends.py
@@ -22,13 +22,22 @@
 
 from phpbb.auth.auth_db import login_db
 from phpbb.auth.sql import setup, is_setup
+from django.views.decorators.debug import sensitive_variables
 
+@sensitive_variables("db_settings")
 def connect_to_database():
     if is_setup():
         return
 
     db_module = __import__(settings.PHPBB_AUTH_DB_MODULE, globals(), locals(), [], -1)
-    conn = db_module.connect(**settings.PHPBB_AUTH_DB_PARAMS)
+
+    db_settings = getattr(settings, "PHPBB_AUTH_DB_KEYS", None)
+    if db_settings is None:
+        import warnings
+        warnings.warn("PHPBB_AUTH_DB_PARAMS should be renamed to PHPBB_AUTH_DB_KEYS for better security!")
+        db_settings = settings.PHPBB_AUTH_DB_PARAMS
+
+    conn = db_module.connect(**db_settings)
     setup(conn, param_style=settings.PHPBB_AUTH_DB_PARAM_STYLE, users_table=settings.PHPBB_AUTH_DB_USERS_TABLE)
 
 class PhpbbBackend(object):
