#19679: Default "settings.py" does not adequately describe "SECRET_KEY"
--------------------------------------------+------------------------------
Reporter: retail79174@… | Owner: nobody
Type: Uncategorized | Status: new
Component: Core (Management commands) | Version: 1.4
Severity: Normal | Keywords: settings secret
Triage Stage: Unreviewed | key
Easy pickings: 1 | Has patch: 1
| UI/UX: 0
--------------------------------------------+------------------------------
In Django 1.3.4, after creating a project, the file "settings.py" contains
the comment
# Make this unique, and don't share it with anybody.
for "SECRET_KEY". This is not clear for several reasons:
1. It implies that the Django administrator has to do something to
make it unique,
2. Does not describe if and when it should ever be edited, and
3. "don't share it" is ambiguous, especially for non-native English
speakers.
The message should be changed to something like:
# This secret key was randomly-generated when you created your
project; it is
# used for session encryption among other things. Do not change it
unless you
# need to share session information among multiple Django sites. Make
sure
# to protect it from being read by outsiders, or your site security
may be
# compromised.
--
Ticket URL: <https://code.djangoproject.com/ticket/19679>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To post to this group, send email to django-updates@googlegroups.com.
To unsubscribe from this group, send email to
django-updates+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
