Opened 12 years ago
Closed 12 years ago
#18759 closed Cleanup/optimization (fixed)
Update SECRET_KEY setting's reference documentation
Reported by: | Pi Delport | Owned by: | nobody |
---|---|---|---|
Component: | Documentation | Version: | dev |
Severity: | Normal | Keywords: | |
Cc: | Triage Stage: | Ready for checkin | |
Has patch: | yes | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | yes | UI/UX: | no |
Description
Context: #17800 made the SECRET_KEY setting required.
The Django 1.4 release notes detail this change, but the reference documentation doesn't mention it.
Change History (5)
comment:2 by , 12 years ago
Patch needs improvement: | set |
---|---|
Triage Stage: | Unreviewed → Accepted |
Version: | 1.4 → master |
AFAICS, I don't see that anything changed in the default value of SECRET_KEY. The change is that Django will not start if it is empty.
comment:3 by , 12 years ago
You're right; I had assumed that the deprecation would effectively remove the old default, but the actual default value still remains in 1.5's global_settings. Perhaps the default value should actually be removed entirely, as it's no longer usable, and serves no other purpose as far as I can tell?
In any case, here is an updated patch: #269. This keeps the documented default as it is, and also adds a more prominent warning about the security implications of running with an exposed SECRET_KEY, along the same lines as the 1.4 release notes (since this is what motivated the whole change in the first place).
comment:4 by , 12 years ago
Patch needs improvement: | unset |
---|---|
Triage Stage: | Accepted → Ready for checkin |
comment:5 by , 12 years ago
Resolution: | → fixed |
---|---|
Status: | new → closed |
GitHub pull request: #265