views:

1623

answers:

3

I'm running Django 1.0 and I'm close to deploying my app. As such, I'll be changing the DEBUG setting to False.

With that being said, I'd still like to include the stacktrace on my 500.html page when errors occur. By doing so, users can copy-and-paste the errors and easily email them to the developers.

Any thoughts on how best to approach this issue?

+8  A: 

Automatically log your 500s, that way:

  • You know when they occur.
  • You don't need to rely on users sending you stacktraces.

Joel recommends even going so far as automatically creating tickets in your bug tracker when your application experiences a failure. Personally, I create a (private) RSS feed with the stacktraces, urls, etc. that the developers can subscribe to.

Showing stack traces to your users on the other hand could possibly leak information that malicious users could use to attack your site. Overly detailed error messages are one of the classic stepping stones to SQL injection attacks.

Edit (added code sample to capture traceback):

You can get the exception information from the sys.exc_info call. While formatting the traceback for display comes from the traceback module:

import traceback
import sys

try:
 raise Exception("Message")
except:
 type, value, tb = sys.exc_info()
 print >> sys.stderr,  type.__name__, ":", value
 print >> sys.stderr, '\n'.join(traceback.format_tb(tb))

Prints:

Exception : Message
  File "exception.py", line 5, in <module>
    raise Exception("Message")
Aaron Maenpaa
Ah...good point. Can you shed some light on the best approach to log each time a 500 error occurs (and include the stacktrace)?
Huuuze
Edited to add how I handle logging stack trances: private RSS feed for the developers.
Aaron Maenpaa
Code sample would be nice...
S.Lott
A: 

You could call sys.exc_info() in a custom exception handler. But I don't recommend that. Django can send you emails for exceptions.

Armin Ronacher
+8  A: 

As @zacherates says, you really don't want to display a stacktrace to your users. The easiest approach to this problem is what Django does by default if you have yourself and your developers listed in the ADMINS setting with email addresses; it sends an email to everyone in that list with the full stack trace (and more) everytime there is a 500 error with DEBUG = False.

Carl Meyer