Form wizard docs mention that MD5 hashes are made using settings.SECRET_KEY - http://docs.djangoproject.com/en/dev/ref/contrib/formtools/form-wizard/#django.contrib.formtools.wizard.FormWizard.security_hash
If you give me a value, I give you a hash back, and you're aware that I'm using Django (think BitBucket which everyone knows is using Django), couldn't I use those values to learn your secret key. I understand this would be difficult and time consuming to try to accomplish, and I apologize if I'm raising unwarranted alarms, but I thought it was worth mentioning. Also, why MD5? I thought Django was switching to SHA1 for security reasons. -- You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to django-develop...@googlegroups.com. To unsubscribe from this group, send email to django-developers+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-developers?hl=en.