p31829507
/
django
mirror of https://github.com/django/django.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Fixed #16285 -- Removed a misleading comment from the signing code, thanks PaulM. 

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16458 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
Jannis Leidel 2011-06-26 16:52:01 +00:00
parent 352b7ffaf0
commit 32ea1285ab
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
django/core/signing.py
View File

@ -96,8 +96,10 @@ def dumps(obj, key=None, salt='django.core.signing', compress=False):
save some space. Prepends a '.' to signify compression. This is included save some space. Prepends a '.' to signify compression. This is included
in the signature, to protect against zip bombs. in the signature, to protect against zip bombs.
Salt can be used to further salt the hash, in case you're worried Salt can be used to namespace the hash, so that a signed string is
that the NSA might try to brute-force your SHA-1 protected secret. only valid for a given namespace. Leaving this at the default
value or re-using a salt value across different parts of your
application without good cause is a security risk.
""" """
json = simplejson.dumps(obj, separators=(',', ':')) json = simplejson.dumps(obj, separators=(',', ':'))