Fixed #16078 -- Fixed a few typos in the signing documentation. Thanks, brutasse.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16270 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
parent
17a6bb0f70
commit
4c4e46e646
|
@ -96,7 +96,7 @@ def dumps(obj, key=None, salt='django.core.signing', compress=False):
|
|||
save some space. Prepends a '.' to signify compression. This is included
|
||||
in the signature, to protect against zip bombs.
|
||||
|
||||
salt can be used to further salt the hash, in case you're worried
|
||||
Salt can be used to further salt the hash, in case you're worried
|
||||
that the NSA might try to brute-force your SHA-1 protected secret.
|
||||
"""
|
||||
json = simplejson.dumps(obj, separators=(',', ':'))
|
||||
|
|
|
@ -31,7 +31,7 @@ Protecting the SECRET_KEY
|
|||
=========================
|
||||
|
||||
When you create a new Django project using :djadmin:`startproject`, the
|
||||
``settings.py`` file it generates automatically gets a random
|
||||
``settings.py`` file is generated automatically and gets a random
|
||||
:setting:`SECRET_KEY` value. This value is the key to securing signed
|
||||
data -- it is vital you keep this secure, or attackers could use it to
|
||||
generate their own signed values.
|
||||
|
@ -58,7 +58,7 @@ You can retrieve the original value using the ``unsign`` method::
|
|||
u'My string'
|
||||
|
||||
If the signature or value have been altered in any way, a
|
||||
``django.core.signing.BadSigature`` exception will be raised::
|
||||
``django.core.signing.BadSignature`` exception will be raised::
|
||||
|
||||
>>> value += 'm'
|
||||
>>> try:
|
||||
|
@ -122,10 +122,10 @@ Protecting complex data structures
|
|||
----------------------------------
|
||||
|
||||
If you wish to protect a list, tuple or dictionary you can do so using the
|
||||
signing module's dumps and loads functions. These imitate Python's pickle
|
||||
module, but uses JSON serialization under the hood. JSON ensures that even
|
||||
if your :setting:`SECRET_KEY` is stolen an attacker will not be able to
|
||||
execute arbitrary commands by exploiting the pickle format.::
|
||||
signing module's ``dumps`` and ``loads`` functions. These imitate Python's
|
||||
pickle module, but use JSON serialization under the hood. JSON ensures that
|
||||
even if your :setting:`SECRET_KEY` is stolen an attacker will not be able
|
||||
to execute arbitrary commands by exploiting the pickle format.::
|
||||
|
||||
>>> from django.core import signing
|
||||
>>> value = signing.dumps({"foo": "bar"})
|
||||
|
@ -133,3 +133,11 @@ execute arbitrary commands by exploiting the pickle format.::
|
|||
'eyJmb28iOiJiYXIifQ:1NMg1b:zGcDE4-TCkaeGzLeW9UQwZesciI'
|
||||
>>> signing.loads(value)
|
||||
{'foo': 'bar'}
|
||||
|
||||
.. function:: dumps(obj, key=None, salt='django.core.signing', compress=False)
|
||||
|
||||
Returns URL-safe, sha1 signed base64 compressed JSON string.
|
||||
|
||||
.. function:: loads(string, key=None, salt='django.core.signing', max_age=None)
|
||||
|
||||
Reverse of dumps(), raises ``BadSignature`` if signature fails.
|
||||
|
|
Loading…
Reference in New Issue