#95 closed defect (fixed)
Encourage people to change the TAMPER_SECRET
Reported by: | Simon Willison | Owned by: | Adrian Holovaty |
---|---|---|---|
Component: | Core (Other) | Version: | |
Severity: | normal | Keywords: | |
Cc: | Triage Stage: | Design decision needed | |
Has patch: | no | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description
TAMPER_SECRET in source:django/trunk/django/middleware/admin.py#3 should be unique (and secret) for every deployed Django application. This needs to be mentioned in the documentation. The constant should probably be moved to settings.py rather than living in the middleware module.
Note:
See TracTickets
for help on using tickets.
Fixed in [230]. Thanks, Simon!