Opened 11 years ago
Closed 11 years ago
#20227 closed Uncategorized (wontfix)
Accept an empty SECRET_KEY when DEBUG is True
| Reported by: | Luc Saffre | Owned by: | nobody |
|---|---|---|---|
| Component: | Uncategorized | Version: | 1.5 |
| Severity: | Normal | Keywords: | |
| Cc: | Triage Stage: | Unreviewed | |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
Django should accept an empty SECRET_KEY when DEBUG is True. Okay Django 1.5 is more severe about security leaks and it's okay to say that a SECRET_KEY setting is required (https://docs.djangoproject.com/en/dev/releases/1.4/#secret-key-setting-is-required), but when DEBUG is True Django shouldn't be so nit-picky.
Change History (3)
comment:1 by , 11 years ago
comment:2 by , 11 years ago
I'm -1 on this idea too:
- It's one more thing that can break when changing
DEBUGfromTruetoFalse.
startprojectwill anyway generate a goodSECRET_KEYfor you, so you get a fully functional settings file out of the box (especially with the new project template).
- Even if you try to use an empty secret key, django will give you an error message with instructions on how to fix it.
comment:3 by , 11 years ago
| Resolution: | → wontfix |
|---|---|
| Status: | new → closed |
Note:
See TracTickets
for help on using tickets.
This proposal assumes that no one will run a Django website in production with
DEBUG = True.Unfortunately, I'm afraid this isn't a valid assumption.