summaryrefslogtreecommitdiff
path: root/docs/ref
diff options
context:
space:
mode:
authorMariusz Felisiak <felisiak.mariusz@gmail.com>2020-07-31 20:56:33 +0200
committerMariusz Felisiak <felisiak.mariusz@gmail.com>2020-08-04 09:39:29 +0200
commit985735265563d4bb0ff44cf6b823446e1813fa34 (patch)
tree868c216cb98ead051b9e56fcaf49c862a3382127 /docs/ref
parentacb7866b1fdda7592d9a16f0d0cc98f5d86a0a56 (diff)
[3.1.x] Fixed #31842 -- Added DEFAULT_HASHING_ALGORITHM transitional setting.
It's a transitional setting helpful in migrating multiple instance of the same project to Django 3.1+. Thanks Markus Holtermann for the report and review, Florian Apolloner for the implementation idea and review, and Carlton Gibson for the review. Backport of d907371ef99a1e4ca6bc1660f57d81f265750984 from master.
Diffstat (limited to 'docs/ref')
-rw-r--r--docs/ref/checks.txt6
-rw-r--r--docs/ref/settings.txt21
2 files changed, 27 insertions, 0 deletions
diff --git a/docs/ref/checks.txt b/docs/ref/checks.txt
index d0cc4b163b..f4c8e8e213 100644
--- a/docs/ref/checks.txt
+++ b/docs/ref/checks.txt
@@ -474,6 +474,12 @@ The following checks are run if you use the :option:`check --deploy` option:
* **security.E023**: You have set the :setting:`SECURE_REFERRER_POLICY` setting
to an invalid value.
+The following checks verify that your security-related settings are correctly
+configured:
+
+* **security.E100**: :setting:`DEFAULT_HASHING_ALGORITHM` must be ``'sha1'`` or
+ ``'sha256'``.
+
Signals
-------
diff --git a/docs/ref/settings.txt b/docs/ref/settings.txt
index 2306ed26fe..a4b4828a5a 100644
--- a/docs/ref/settings.txt
+++ b/docs/ref/settings.txt
@@ -1295,6 +1295,27 @@ Default email address to use for various automated correspondence from the
site manager(s). This doesn't include error messages sent to :setting:`ADMINS`
and :setting:`MANAGERS`; for that, see :setting:`SERVER_EMAIL`.
+.. setting:: DEFAULT_HASHING_ALGORITHM
+
+``DEFAULT_HASHING_ALGORITHM``
+-----------------------------
+
+.. versionadded:: 3.1
+
+Default: ``'sha256'``
+
+Default hashing algorithm to use for encoding cookies, password reset tokens in
+the admin site, user sessions, and signatures created by
+:class:`django.core.signing.Signer` and :meth:`django.core.signing.dumps`.
+Algorithm must be ``'sha1'`` or ``'sha256'``. See
+:ref:`release notes <default-hashing-algorithm-usage>` for usage details.
+
+.. deprecated:: 3.1
+
+ This transitional setting is deprecated. Support for it and tokens,
+ cookies, sessions, and signatures that use SHA-1 hashing algorithm will be
+ removed in Django 4.0.
+
.. setting:: DEFAULT_INDEX_TABLESPACE
``DEFAULT_INDEX_TABLESPACE``