diff options
| author | Mariusz Felisiak <felisiak.mariusz@gmail.com> | 2020-07-31 20:56:33 +0200 |
|---|---|---|
| committer | Mariusz Felisiak <felisiak.mariusz@gmail.com> | 2020-08-04 09:39:29 +0200 |
| commit | 985735265563d4bb0ff44cf6b823446e1813fa34 (patch) | |
| tree | 868c216cb98ead051b9e56fcaf49c862a3382127 /docs/ref | |
| parent | acb7866b1fdda7592d9a16f0d0cc98f5d86a0a56 (diff) | |
[3.1.x] Fixed #31842 -- Added DEFAULT_HASHING_ALGORITHM transitional setting.
It's a transitional setting helpful in migrating multiple instance of
the same project to Django 3.1+.
Thanks Markus Holtermann for the report and review, Florian
Apolloner for the implementation idea and review, and Carlton Gibson
for the review.
Backport of d907371ef99a1e4ca6bc1660f57d81f265750984 from master.
Diffstat (limited to 'docs/ref')
| -rw-r--r-- | docs/ref/checks.txt | 6 | ||||
| -rw-r--r-- | docs/ref/settings.txt | 21 |
2 files changed, 27 insertions, 0 deletions
diff --git a/docs/ref/checks.txt b/docs/ref/checks.txt index d0cc4b163b..f4c8e8e213 100644 --- a/docs/ref/checks.txt +++ b/docs/ref/checks.txt @@ -474,6 +474,12 @@ The following checks are run if you use the :option:`check --deploy` option: * **security.E023**: You have set the :setting:`SECURE_REFERRER_POLICY` setting to an invalid value. +The following checks verify that your security-related settings are correctly +configured: + +* **security.E100**: :setting:`DEFAULT_HASHING_ALGORITHM` must be ``'sha1'`` or + ``'sha256'``. + Signals ------- diff --git a/docs/ref/settings.txt b/docs/ref/settings.txt index 2306ed26fe..a4b4828a5a 100644 --- a/docs/ref/settings.txt +++ b/docs/ref/settings.txt @@ -1295,6 +1295,27 @@ Default email address to use for various automated correspondence from the site manager(s). This doesn't include error messages sent to :setting:`ADMINS` and :setting:`MANAGERS`; for that, see :setting:`SERVER_EMAIL`. +.. setting:: DEFAULT_HASHING_ALGORITHM + +``DEFAULT_HASHING_ALGORITHM`` +----------------------------- + +.. versionadded:: 3.1 + +Default: ``'sha256'`` + +Default hashing algorithm to use for encoding cookies, password reset tokens in +the admin site, user sessions, and signatures created by +:class:`django.core.signing.Signer` and :meth:`django.core.signing.dumps`. +Algorithm must be ``'sha1'`` or ``'sha256'``. See +:ref:`release notes <default-hashing-algorithm-usage>` for usage details. + +.. deprecated:: 3.1 + + This transitional setting is deprecated. Support for it and tokens, + cookies, sessions, and signatures that use SHA-1 hashing algorithm will be + removed in Django 4.0. + .. setting:: DEFAULT_INDEX_TABLESPACE ``DEFAULT_INDEX_TABLESPACE`` |
