Default "settings.py" does not adequately describe "SECRET_KEY"
| Reported by: | | Owned by: | nobody |
| Component: | Core (Management commands) | Version: | 1.4 |
| Severity: | Normal | Keywords: | settings secret key |
| Has patch: | yes | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
In Django 1.3.4, after creating a project, the file "settings.py" contains the comment
    # Make this unique, and don't share it with anybody.
for "SECRET_KEY". This is not clear for several reasons:
- It implies that the Django administrator has to do something to make it unique,
- It does not describe if and when it should ever be edited, and
- "don't share it" is ambiguous, especially for non-native English speakers.
The message should be changed to something like:
    # This secret key was randomly-generated when you created your project; it is
    # used for session encryption among other things. Do not change it unless you
    # need to share session information among multiple Django sites. Make sure
    # to protect it from being read by outsiders, or your site security may be