Code

#18759 closed Cleanup/optimization (fixed)

Update SECRET_KEY setting's reference documentation

Reported by: pjdelport Owned by: nobody
Component: Documentation Version: master
Severity: Normal Keywords:
Cc: Triage Stage: Ready for checkin
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: yes UI/UX: no

Description

Context: #17800 made the SECRET_KEY setting required.

The Django 1.4 release notes detail this change, but the reference documentation doesn't mention it.

Attachments (0)

Change History (5)

comment:1 Changed 21 months ago by pjdelport

  • Has patch set
  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset

GitHub pull request: #265

Last edited 21 months ago by pjdelport (previous) (diff)

comment:2 Changed 20 months ago by claudep

  • Patch needs improvement set
  • Triage Stage changed from Unreviewed to Accepted
  • Version changed from 1.4 to master

AFAICS, I don't see that anything changed in the default value of SECRET_KEY. The change is that Django will not start if it is empty.

comment:3 Changed 20 months ago by pjdelport

You're right; i had assumed that the deprecation would effectively remove the old default, but the actual default value still remains in 1.5's global_settings. Perhaps the default value should actually be removed entirely, as it's no longer usable, and serves no other purpose as far as i can tell?

In any case, here is an updated patch: #269. This keeps the documented default as it is, and also adds a more prominent warning about the security implications of running with an exposed SECRET_KEY, along the same lines as the 1.4 release notes (since this is what motivated the whole change in the first place).

comment:4 Changed 20 months ago by claudep

  • Patch needs improvement unset
  • Triage Stage changed from Accepted to Ready for checkin

comment:5 Changed 20 months ago by Simon Meers <simon@…>

  • Resolution set to fixed
  • Status changed from new to closed

In [e38112d882a8aec0aaf6d52ab6d07fa1a408a3aa]:

Fixed #18759 -- updated SECRET_KEY documentation

Document SECRET_KEY becoming required in 1.5.

Also expand the description slightly, and add a more prominent warning
about the security implications of running with an exposed SECRET_KEY.

Add Comment

Modify Ticket

Change Properties
<Author field>
Action
as closed
as The resolution will be set. Next status will be 'closed'
The resolution will be deleted. Next status will be 'new'
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.