I would be in support of a manage.py command to change the secret key, just as a convenience. I'd be happy to implement it.
Matthew Roy said: > If I understand > how it works the compromise of the SECRET_KEY alone doesn't put you in > serious hot water unless the attacker can also intercept traffic. The SECRET_KEY is secret for a number of very good reasons, and compromise of it is quite likely to lead to compromise of your application if the attacker is sufficiently motivated. -Paul -- You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to django-developers@googlegroups.com. To unsubscribe from this group, send email to django-developers+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-developers?hl=en.