Opened 5 years ago

Closed 5 years ago

#19679 closed Cleanup/optimization (fixed)

Default "" does not adequately describe "SECRET_KEY"

Reported by: retail79174@…
Owned by: nobody
Component: Core (Management commands)
Version: 1.4
Severity: Normal
Keywords: settings secret key
Cc:
Triage Stage: Accepted
Has patch: yes
Needs documentation: no
Needs tests: no
Patch needs improvement: no
Easy pickings: yes
UI/UX: no


In Django 1.3.4, after creating a project, the file "" contains the comment

# Make this unique, and don't share it with anybody.

for "SECRET_KEY". This is not clear for several reasons:

  1. It implies that the Django administrator has to do something to make it unique,
  2. Does not describe if and when it should ever be edited, and
  3. "don't share it" is ambiguous, especially for non-native English speakers.

The message should be changed to something like:

# This secret key was randomly-generated when you created your project; it is
# used for session encryption among other things. Do not change it unless you
# need to share session information among multiple Django sites. Make sure
# to protect it from being read by outsiders, or your site security may be
# compromised.

Change History (2)

comment:1 Changed 5 years ago by Aymeric Augustin

Triage Stage: Unreviewed → Accepted
Type: Uncategorized → Cleanup/optimization

comment:2 Changed 5 years ago by Tim Graham

Resolution: fixed
Status: new → closed