diff options
| author | Jannis Leidel <jannis@leidel.info> | 2011-05-23 13:23:00 +0000 |
|---|---|---|
| committer | Jannis Leidel <jannis@leidel.info> | 2011-05-23 13:23:00 +0000 |
| commit | 4c4e46e64656e6038793e024bc97d0d1afc63d8a (patch) | |
| tree | a3007b5eb93d83918634931912f4f636018378ed /docs/topics | |
| parent | 17a6bb0f700dcdf422d88dcb110b76098e948674 (diff) | |
Fixed #16078 -- Fixed a few typos in the signing documentation. Thanks, brutasse.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16270 bcc190cf-cafb-0310-a4f2-bffc1f526a37
Diffstat (limited to 'docs/topics')
| -rw-r--r-- | docs/topics/signing.txt | 20 |
1 files changed, 14 insertions, 6 deletions
diff --git a/docs/topics/signing.txt b/docs/topics/signing.txt index 7989643297..da030af80e 100644 --- a/docs/topics/signing.txt +++ b/docs/topics/signing.txt @@ -31,7 +31,7 @@ Protecting the SECRET_KEY ========================= When you create a new Django project using :djadmin:`startproject`, the -``settings.py`` file it generates automatically gets a random +``settings.py`` file is generated automatically and gets a random :setting:`SECRET_KEY` value. This value is the key to securing signed data -- it is vital you keep this secure, or attackers could use it to generate their own signed values. @@ -58,7 +58,7 @@ You can retrieve the original value using the ``unsign`` method:: u'My string' If the signature or value have been altered in any way, a -``django.core.signing.BadSigature`` exception will be raised:: +``django.core.signing.BadSignature`` exception will be raised:: >>> value += 'm' >>> try: @@ -122,10 +122,10 @@ Protecting complex data structures ---------------------------------- If you wish to protect a list, tuple or dictionary you can do so using the -signing module's dumps and loads functions. These imitate Python's pickle -module, but uses JSON serialization under the hood. JSON ensures that even -if your :setting:`SECRET_KEY` is stolen an attacker will not be able to -execute arbitrary commands by exploiting the pickle format.:: +signing module's ``dumps`` and ``loads`` functions. These imitate Python's +pickle module, but use JSON serialization under the hood. JSON ensures that +even if your :setting:`SECRET_KEY` is stolen an attacker will not be able +to execute arbitrary commands by exploiting the pickle format.:: >>> from django.core import signing >>> value = signing.dumps({"foo": "bar"}) @@ -133,3 +133,11 @@ execute arbitrary commands by exploiting the pickle format.:: 'eyJmb28iOiJiYXIifQ:1NMg1b:zGcDE4-TCkaeGzLeW9UQwZesciI' >>> signing.loads(value) {'foo': 'bar'} + +.. function:: dumps(obj, key=None, salt='django.core.signing', compress=False) + + Returns URL-safe, sha1 signed base64 compressed JSON string. + +.. function:: loads(string, key=None, salt='django.core.signing', max_age=None) + + Reverse of dumps(), raises ``BadSignature`` if signature fails. |