diff options
| author | Jannis Leidel <jannis@leidel.info> | 2011-06-26 16:52:01 +0000 |
|---|---|---|
| committer | Jannis Leidel <jannis@leidel.info> | 2011-06-26 16:52:01 +0000 |
| commit | 32ea1285abe91da7cc2a11df2c7608c407d51bf0 (patch) | |
| tree | 9f2be7dad10997b84d1b88d9dd8357ac84f1460e | |
| parent | 352b7ffaf039b3b7b112dd60a690101ecec70cf2 (diff) | |
Fixed #16285 -- Removed a misleading comment from the signing code, thanks PaulM.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16458 bcc190cf-cafb-0310-a4f2-bffc1f526a37
| -rw-r--r-- | django/core/signing.py | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/django/core/signing.py b/django/core/signing.py index 054777a260..fadeb8a923 100644 --- a/django/core/signing.py +++ b/django/core/signing.py @@ -96,8 +96,10 @@ def dumps(obj, key=None, salt='django.core.signing', compress=False): save some space. Prepends a '.' to signify compression. This is included in the signature, to protect against zip bombs. - Salt can be used to further salt the hash, in case you're worried - that the NSA might try to brute-force your SHA-1 protected secret. + Salt can be used to namespace the hash, so that a signed string is + only valid for a given namespace. Leaving this at the default + value or re-using a salt value across different parts of your + application without good cause is a security risk. """ json = simplejson.dumps(obj, separators=(',', ':')) |
