Opened 12 years ago

Closed 12 years ago

#18759 closed Cleanup/optimization (fixed)

Update SECRET_KEY setting's reference documentation

Reported by: Pi Delport
Owned by: nobody
Component: Documentation
Version: dev
Severity: Normal
Keywords:
Cc:
Triage Stage: Ready for checkin
Has patch: yes
Needs documentation: no
Needs tests: no
Patch needs improvement: no
Easy pickings: yes
UI/UX: no

Description

Context: #17800 made the SECRET_KEY setting required.

The Django 1.4 release notes detail this change, but the reference documentation doesn't mention it.

Change History (5)

comment:1 by Pi Delport, 12 years ago

Has patch: set

GitHub pull request: 265

comment:2 by Claude Paroz, 12 years ago

Patch needs improvement: set
Triage Stage: Unreviewed → Accepted
Version: 1.4 → master

AFAICS, I don't see that anything changed in the default value of SECRET_KEY. The change is that Django will not start if it is empty.

comment:3 by Pi Delport, 12 years ago

You're right; I had assumed that the deprecation would effectively remove the old default, but the actual default value still remains in 1.5's global_settings. Perhaps the default value should actually be removed entirely, as it's no longer usable, and serves no other purpose as far as I can tell?

In any case, here is an updated patch: #269. This keeps the documented default as it is, and also adds a more prominent warning about the security implications of running with an exposed SECRET_KEY, along the same lines as the 1.4 release notes (since this is what motivated the whole change in the first place).

comment:4 by Claude Paroz, 12 years ago

Patch needs improvement: unset
Triage Stage: Accepted → Ready for checkin

comment:5 by Simon Meers <simon@…>, 12 years ago

Resolution: fixed
Status: new → closed

In [e38112d882a8aec0aaf6d52ab6d07fa1a408a3aa]:

Fixed #18759 -- updated SECRET_KEY documentation

Document SECRET_KEY becoming required in 1.5.

Also expand the description slightly, and add a more prominent warning
about the security implications of running with an exposed SECRET_KEY.
