Opened 4 years ago

Closed 4 years ago

#18759 closed Cleanup/optimization (fixed)

Update SECRET_KEY setting's reference documentation

Reported by: Piet Delport
Owned by: nobody
Component: Documentation
Version: master
Severity: Normal
Keywords:
Cc:
Triage Stage: Ready for checkin
Has patch: yes
Needs documentation: no
Needs tests: no
Patch needs improvement: no
Easy pickings: yes
UI/UX: no

Description

Context: #17800 made the SECRET_KEY setting required.

The Django 1.4 release notes detail this change, but the reference documentation doesn't mention it.

Change History (5)

comment:1 Changed 4 years ago by Piet Delport

Has patch: set
Needs documentation: unset
Needs tests: unset
Patch needs improvement: unset

GitHub pull request: #265

comment:2 Changed 4 years ago by Claude Paroz

Patch needs improvement: set
Triage Stage: Unreviewed → Accepted
Version: 1.4 → master

AFAICS, I don't see that anything changed in the default value of SECRET_KEY. The change is that Django will not start if it is empty.

comment:3 Changed 4 years ago by Piet Delport

You're right; I had assumed that the deprecation would effectively remove the old default, but the actual default value still remains in 1.5's global_settings. Perhaps the default value should actually be removed entirely, as it's no longer usable, and serves no other purpose as far as I can tell?

In any case, here is an updated patch: #269. This keeps the documented default as it is, and also adds a more prominent warning about the security implications of running with an exposed SECRET_KEY, along the same lines as the 1.4 release notes (since this is what motivated the whole change in the first place).

comment:4 Changed 4 years ago by Claude Paroz

Patch needs improvement: unset
Triage Stage: Accepted → Ready for checkin

comment:5 Changed 4 years ago by Simon Meers <simon@…>

Resolution: fixed
Status: new → closed

In [e38112d882a8aec0aaf6d52ab6d07fa1a408a3aa]:

Fixed #18759 -- updated SECRET_KEY documentation

Document SECRET_KEY becoming required in 1.5.

Also expand the description slightly, and add a more prominent warning
about the security implications of running with an exposed SECRET_KEY.
