Opened 4 years ago

Closed 4 years ago

#19679 closed Cleanup/optimization (fixed)

Default "" does not adequately describe "SECRET_KEY"

Reported by: retail79174@…
Owned by: nobody
Component: Core (Management commands)
Version: 1.4
Severity: Normal
Keywords: settings secret key
Cc:
Triage Stage: Accepted
Has patch: yes
Needs documentation: no
Needs tests: no
Patch needs improvement: no
Easy pickings: yes
UI/UX: no


In Django 1.3.4, after creating a project, the file "" contains the comment

# Make this unique, and don't share it with anybody.

for "SECRET_KEY". This is not clear for several reasons:

  1. It implies that the Django administrator has to do something to make it unique,
  2. Does not describe if and when it should ever be edited, and
  3. "don't share it" is ambiguous, especially for non-native English speakers.

The message should be changed to something like:

# This secret key was randomly-generated when you created your project; it is
# used for session encryption among other things. Do not change it unless you
# need to share session information among multiple Django sites. Make sure
# to protect it from being read by outsiders, or your site security may be
# compromised.
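
Added example, not part of the original ticket and not Django's own code: a standard-library sketch of why the proposed comment's three points hold, using an HMAC signature as a simplified stand-in for the session protection keyed by SECRET_KEY. The function names, key alphabet, key length and cookie value are assumptions made for this illustration.

```python
import base64
import hashlib
import hmac
import secrets

# Assumed alphabet and length for this sketch only.
ALPHABET = "abcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*(-_=+)"


def generate_secret_key(length=50):
    """Create a random key once, as happens when a project is created."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def sign(value, secret_key):
    """Append an HMAC-SHA256 tag computed with the secret key."""
    mac = hmac.new(secret_key.encode(), value.encode(), hashlib.sha256).digest()
    return value + ":" + base64.urlsafe_b64encode(mac).decode().rstrip("=")


def unsign(signed, secret_key):
    """Return the value if the tag verifies under secret_key, else None."""
    value, _, _ = signed.rpartition(":")
    expected = sign(value, secret_key)
    if hmac.compare_digest(expected.encode(), signed.encode()):
        return value
    return None


def demo():
    original_key = generate_secret_key()
    second_site_key = original_key        # a second site configured with the same key
    regenerated_key = generate_secret_key()  # the key was edited after deployment

    cookie = sign("session=alice", original_key)  # constructed sample value
    tampered = cookie.replace("alice", "admin")

    return {
        "same_site": unsign(cookie, original_key),
        "second_site_shared_key": unsign(cookie, second_site_key),
        "after_key_change": unsign(cookie, regenerated_key),
        "tampered_value": unsign(tampered, original_key),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

Verification depends only on the key, so anything signed under it is accepted by every site holding that key and rejected everywhere once the key changes; this is also why the key has to stay unreadable to outsiders.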

Change History (2)

comment:1 Changed 4 years ago by aaugustin

  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset
  • Triage Stage changed from Unreviewed to Accepted
  • Type changed from Uncategorized to Cleanup/optimization

comment:2 Changed 4 years ago by timo

  • Resolution set to fixed
  • Status changed from new to closed