DJE-005 Critical Security

DEBUG=True in production

Error message

Django debug mode enabled in production environment

Running with DEBUG=True in production exposes detailed error pages with stack traces, local variables, settings, and installed apps. This gives attackers a roadmap of your application internals.

config production security

Affected versions: >=0.2.0

Solution

Recommended

Use environment variable for DEBUG setting

Set DEBUG from an environment variable, defaulting to False. This ensures production deployments are safe by default.

Before (problematic)

# settings.py
DEBUG = True  # Hardcoded!

After (fixed)

# settings.py
import os

# Unset, empty, or any value other than "true" (case-insensitive) leaves DEBUG off.
DEBUG = os.environ.get("DJANGO_DEBUG", "").lower() == "true"
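A stricter variant of the fix above, as an added example that is not part of the original page or of the checker's own code: it rejects misspelled values instead of silently choosing one, and refuses to start if DEBUG is on in production. The `DJANGO_ENV` variable and the `env_bool`/`resolve_debug` helpers are assumptions made for illustration.

```python
import os

_TRUE = {"1", "true", "yes", "on"}
_FALSE = {"", "0", "false", "no", "off"}


class UnsafeDebugConfig(RuntimeError):
    """Raised when DEBUG would be enabled in a production environment."""


def env_bool(environ, name):
    """Parse a boolean env var; unset or empty means False (fail closed)."""
    raw = environ.get(name, "").strip().lower()
    if raw in _TRUE:
        return True
    if raw in _FALSE:
        return False
    # A typo such as "ture" should stop the deploy, not silently pick a value.
    raise ValueError(f"{name}={raw!r} is not a recognised boolean")


def resolve_debug(environ=os.environ):
    """Return the value for settings.DEBUG, refusing DEBUG=True in production.

    DJANGO_ENV is a hypothetical deployment marker (assumption), not a Django
    setting. When it is unset the environment is treated as production.
    """
    debug = env_bool(environ, "DJANGO_DEBUG")
    env_name = environ.get("DJANGO_ENV", "production").strip().lower()
    if debug and env_name == "production":
        raise UnsafeDebugConfig(
            "DJANGO_DEBUG is true while DJANGO_ENV is production"
        )
    return debug


# In settings.py: DEBUG = resolve_debug()
```

Django's own `python manage.py check --deploy` also reports a left-on DEBUG setting (check `security.W018`), so it is worth running in the release pipeline alongside this guard.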