diff options
| author | Artem Kosenko <kosc@hotkosc.ru> | 2020-07-13 20:40:38 +0300 |
|---|---|---|
| committer | Mariusz Felisiak <felisiak.mariusz@gmail.com> | 2020-11-11 12:45:34 +0100 |
| commit | b7f500396e05cd1f0bb8901fce16e2d8393d2779 (patch) | |
| tree | 1944befc1df7139131dd33c5ff57b96fc575df5c /docs/ref | |
| parent | 721c95ba0b67eb46422dcf05a4274960e49c8894 (diff) | |
Fixed #31757 -- Adjusted system check for SECRET_KEY to warn about autogenerated default keys.
Thanks Nick Pope, René Fleschenberg, and Carlton Gibson for reviews.
Diffstat (limited to 'docs/ref')
| -rw-r--r-- | docs/ref/checks.txt | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/docs/ref/checks.txt b/docs/ref/checks.txt index b7f941ff83..2ac5d4cb1d 100644 --- a/docs/ref/checks.txt +++ b/docs/ref/checks.txt @@ -437,10 +437,11 @@ The following checks are run if you use the :option:`check --deploy` option: ``True``. Unless your site should be available over both SSL and non-SSL connections, you may want to either set this setting to ``True`` or configure a load balancer or reverse-proxy server to redirect all connections to HTTPS. -* **security.W009**: Your :setting:`SECRET_KEY` has less than 50 characters or - less than 5 unique characters. Please generate a long and random - ``SECRET_KEY``, otherwise many of Django's security-critical features will be - vulnerable to attack. +* **security.W009**: Your :setting:`SECRET_KEY` has less than 50 characters, + less than 5 unique characters, or it's prefixed with ``'django-insecure-'`` + indicating that it was generated automatically by Django. Please generate a + long and random ``SECRET_KEY``, otherwise many of Django's security-critical + features will be vulnerable to attack. * **security.W010**: You have :mod:`django.contrib.sessions` in your :setting:`INSTALLED_APPS` but you have not set :setting:`SESSION_COOKIE_SECURE` to ``True``. Using a secure-only session |
