Opened 12 years ago
Closed 12 years ago
#20227 closed Uncategorized (wontfix)
Accept an empty SECRET_KEY when DEBUG is True
Reported by: | Luc Saffre | Owned by: | nobody |
---|---|---|---|
Component: | Uncategorized | Version: | 1.5 |
Severity: | Normal | Keywords: | |
Cc: | Triage Stage: | Unreviewed | |
Has patch: | no | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description
Django should accept an empty SECRET_KEY when DEBUG is True. Okay Django 1.5 is more severe about security leaks and it's okay to say that a SECRET_KEY setting is required (https://docs.djangoproject.com/en/dev/releases/1.4/#secret-key-setting-is-required), but when DEBUG is True Django shouldn't be so nit-picky.
Change History (3)
comment:1 by , 12 years ago
comment:2 by , 12 years ago
I'm -1 on this idea too:
- It's one more thing that can break when changing
DEBUG
fromTrue
toFalse
.
startproject
will anyway generate a goodSECRET_KEY
for you, so you get a fully functional settings file out of the box (especially with the new project template).
- Even if you try to use an empty secret key, django will give you an error message with instructions on how to fix it.
comment:3 by , 12 years ago
Resolution: | → wontfix |
---|---|
Status: | new → closed |
Note:
See TracTickets
for help on using tickets.
This proposal assumes that no one will run a Django website in production with
DEBUG = True
.Unfortunately, I'm afraid this isn't a valid assumption.