I guess this wasn't documented too well in DRF (or I'm just dumb :bulb:) but exception values are sent as a response to the client, resulting in things like:
<Response [401]>
{"detail":"access denied: MacMismatch: MACs do not match; ours: mbWCYE2x2BwEw3BHbtscUOVy0lgI9mO+Tj9oKRrvySs=; theirs: 5tqRSdX+ev+oumz2/+saKY3Xrgf8kmFDqAXzCn5tigg="}
This is a potential security problem because it might give the attacker enough clues to figure break the keys.
I guess this wasn't documented too well in DRF (or I'm just dumb :bulb:) but exception values are sent as a response to the client, resulting in things like:
This is a potential security problem because it might give the attacker enough clues to figure break the keys.