summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJannis Leidel <jannis@leidel.info>2011-06-26 16:52:01 +0000
committerJannis Leidel <jannis@leidel.info>2011-06-26 16:52:01 +0000
commit32ea1285abe91da7cc2a11df2c7608c407d51bf0 (patch)
tree9f2be7dad10997b84d1b88d9dd8357ac84f1460e
parent352b7ffaf039b3b7b112dd60a690101ecec70cf2 (diff)
Fixed #16285 -- Removed a misleading comment from the signing code, thanks PaulM.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16458 bcc190cf-cafb-0310-a4f2-bffc1f526a37
-rw-r--r--django/core/signing.py6
1 files changed, 4 insertions, 2 deletions
diff --git a/django/core/signing.py b/django/core/signing.py
index 054777a260..fadeb8a923 100644
--- a/django/core/signing.py
+++ b/django/core/signing.py
@@ -96,8 +96,10 @@ def dumps(obj, key=None, salt='django.core.signing', compress=False):
save some space. Prepends a '.' to signify compression. This is included
in the signature, to protect against zip bombs.
- Salt can be used to further salt the hash, in case you're worried
- that the NSA might try to brute-force your SHA-1 protected secret.
+ Salt can be used to namespace the hash, so that a signed string is
+ only valid for a given namespace. Leaving this at the default
+ value or re-using a salt value across different parts of your
+ application without good cause is a security risk.
"""
json = simplejson.dumps(obj, separators=(',', ':'))