summaryrefslogtreecommitdiff
path: root/docs
diff options
context:
space:
mode:
Diffstat (limited to 'docs')
-rw-r--r--docs/ref/checks.txt9
1 files changed, 5 insertions, 4 deletions
diff --git a/docs/ref/checks.txt b/docs/ref/checks.txt
index b7f941ff83..2ac5d4cb1d 100644
--- a/docs/ref/checks.txt
+++ b/docs/ref/checks.txt
@@ -437,10 +437,11 @@ The following checks are run if you use the :option:`check --deploy` option:
``True``. Unless your site should be available over both SSL and non-SSL
connections, you may want to either set this setting to ``True`` or configure
a load balancer or reverse-proxy server to redirect all connections to HTTPS.
-* **security.W009**: Your :setting:`SECRET_KEY` has less than 50 characters or
- less than 5 unique characters. Please generate a long and random
- ``SECRET_KEY``, otherwise many of Django's security-critical features will be
- vulnerable to attack.
+* **security.W009**: Your :setting:`SECRET_KEY` has less than 50 characters,
+ less than 5 unique characters, or it's prefixed with ``'django-insecure-'``
+ indicating that it was generated automatically by Django. Please generate a
+ long and random ``SECRET_KEY``, otherwise many of Django's security-critical
+ features will be vulnerable to attack.
* **security.W010**: You have :mod:`django.contrib.sessions` in your
:setting:`INSTALLED_APPS` but you have not set
:setting:`SESSION_COOKIE_SECURE` to ``True``. Using a secure-only session