Code

#20227 closed Uncategorized (wontfix)

Accept an empty SECRET_KEY when DEBUG is True

Reported by: lsaffre Owned by: nobody
Component: Uncategorized Version: 1.5
Severity: Normal Keywords:
Cc: Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

Django should accept an empty SECRET_KEY when DEBUG is True. Okay Django 1.5 is more severe about security leaks and it's okay to say that a SECRET_KEY setting is required (https://docs.djangoproject.com/en/dev/releases/1.4/#secret-key-setting-is-required), but when DEBUG is True Django shouldn't be so nit-picky.

Attachments (0)

Change History (3)

comment:1 Changed 15 months ago by aaugustin

  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset

This proposal assumes that no one will run a Django website in production with DEBUG = True.

Unfortunately, I'm afraid this isn't a valid assumption.

comment:2 Changed 15 months ago by bmispelon

I'm -1 on this idea too:

  • It's one more thing that can break when changing DEBUG from True to False.
  • startproject will anyway generate a good SECRET_KEY for you, so you get a fully functional settings file out of the box (especially with the new project template).
  • Even if you try to use an empty secret key, django will give you an error message with instructions on how to fix it.

comment:3 Changed 15 months ago by aaugustin

  • Resolution set to wontfix
  • Status changed from new to closed

Add Comment

Modify Ticket

Change Properties
<Author field>
Action
as closed
as The resolution will be set. Next status will be 'closed'
The resolution will be deleted. Next status will be 'new'
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.