I used django + celery + python + djcelery + flower for my development. In the view of django. I did something like:
def handle(req):
task_name.apply_async(args=(req.POST['username'], req.POST['password'], 'p1', 'p2'), queue='x')
everything works well.
But when I check the celery flower, I found the username/password is there. when I check djcelery in django admin, the username/password is there too.
So my question are:
- can we make the parameter just in memory so that no people can see them?
- I want to purge the existing task log in flower, can I?
Update:
I think the args are captured by djcelery, since I find out these data are stored in djcelery_taskstate.
Update:
- Djcelery use celerycam to capture these information and store them in backend and show them in django admin.
- The flower, I think, use some similar method to capture these information and show them in flower page. But the following way can prevent flower from capturing some sensitive data. http://flower.readthedocs.org/en/latest/config.html#format-task
- I still not find out a way to disable celerycam capture these data..
Update:
finally, I fix the celerycam with mysql trigger. whenever it stores the password into database, I used trigger to erase the passworsd
Thanks
