Opened 11 years ago
Closed 11 years ago
#19679 closed Cleanup/optimization (fixed)
Default "settings.py" does not adequately describe "SECRET_KEY"
| Reported by: | Owned by: | nobody | |
|---|---|---|---|
| Component: | Core (Management commands) | Version: | 1.4 |
| Severity: | Normal | Keywords: | settings secret key |
| Cc: | Triage Stage: | Accepted | |
| Has patch: | yes | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | yes | UI/UX: | no |
Description
In Django 1.3.4, after creating a project, the file "settings.py" contains the comment
# Make this unique, and don't share it with anybody.
for "SECRET_KEY". This is not clear for several reasons:
- It implies that the Django administrator has to do something to make it unique,
- Does not describe if and when it should ever be edited, and
- "don't share it" is ambiguous, especially for non-native English speakers.
The message should be changed to something like:
# This secret key was randomly-generated when you created your project; it is
# used for session encryption among other things. Do not change it unless you
# need to share session information among multiple Django sites. Make sure
# to protect it from being read by outsiders, or your site security may be
# compromised.
Change History (2)
comment:1 by , 11 years ago
| Triage Stage: | Unreviewed → Accepted |
|---|---|
| Type: | Uncategorized → Cleanup/optimization |
comment:2 by , 11 years ago
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
Merged in 3f1c7b70537330435e2ec2fca9550f7b7fa4372e
Note:
See TracTickets
for help on using tickets.
This is fixed in my branch: https://github.com/aaugustin/django/compare/simplify-project-template