summaryrefslogtreecommitdiff
path: root/docs/ref
diff options
context:
space:
mode:
authorArtem Kosenko <kosc@hotkosc.ru>2020-07-13 20:40:38 +0300
committerMariusz Felisiak <felisiak.mariusz@gmail.com>2020-11-11 12:45:34 +0100
commitb7f500396e05cd1f0bb8901fce16e2d8393d2779 (patch)
tree1944befc1df7139131dd33c5ff57b96fc575df5c /docs/ref
parent721c95ba0b67eb46422dcf05a4274960e49c8894 (diff)
Fixed #31757 -- Adjusted system check for SECRET_KEY to warn about autogenerated default keys.
Thanks Nick Pope, René Fleschenberg, and Carlton Gibson for reviews.
Diffstat (limited to 'docs/ref')
-rw-r--r--docs/ref/checks.txt9
1 files changed, 5 insertions, 4 deletions
diff --git a/docs/ref/checks.txt b/docs/ref/checks.txt
index b7f941ff83..2ac5d4cb1d 100644
--- a/docs/ref/checks.txt
+++ b/docs/ref/checks.txt
@@ -437,10 +437,11 @@ The following checks are run if you use the :option:`check --deploy` option:
``True``. Unless your site should be available over both SSL and non-SSL
connections, you may want to either set this setting to ``True`` or configure
a load balancer or reverse-proxy server to redirect all connections to HTTPS.
-* **security.W009**: Your :setting:`SECRET_KEY` has less than 50 characters or
- less than 5 unique characters. Please generate a long and random
- ``SECRET_KEY``, otherwise many of Django's security-critical features will be
- vulnerable to attack.
+* **security.W009**: Your :setting:`SECRET_KEY` has less than 50 characters,
+ less than 5 unique characters, or it's prefixed with ``'django-insecure-'``
+ indicating that it was generated automatically by Django. Please generate a
+ long and random ``SECRET_KEY``, otherwise many of Django's security-critical
+ features will be vulnerable to attack.
* **security.W010**: You have :mod:`django.contrib.sessions` in your
:setting:`INSTALLED_APPS` but you have not set
:setting:`SESSION_COOKIE_SECURE` to ``True``. Using a secure-only session