Ticket #16285: signing_comment.diff

File signing_comment.diff, 809 bytes (added by PaulM, 4 years ago)
  • django/core/signing.py

     
    9696    save some space. Prepends a '.' to signify compression. This is included
    9797    in the signature, to protect against zip bombs.
    9898
    99     Salt can be used to further salt the hash, in case you're worried
    100     that the NSA might try to brute-force your SHA-1 protected secret.
     99    Salt can be used to namespace the hash, so that a signed string is
     100    only valid for a given namespace. Leaving this at the default
     101    value or re-using a salt value across different parts of your
     102    application without good cause is a security risk.
    101103    """
    102104    json = simplejson.dumps(obj, separators=(',', ':'))
    103105
Back to Top