Fixed #16285 -- Removed a misleading comment from the signing code, thanks PaulM.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16458 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
Jannis Leidel 2011-06-26 16:52:01 +00:00
parent 352b7ffaf0
commit 32ea1285ab
1 changed files with 4 additions and 2 deletions

View File

@ -96,8 +96,10 @@ def dumps(obj, key=None, salt='django.core.signing', compress=False):
save some space. Prepends a '.' to signify compression. This is included
in the signature, to protect against zip bombs.
Salt can be used to further salt the hash, in case you're worried
that the NSA might try to brute-force your SHA-1 protected secret.
Salt can be used to namespace the hash, so that a signed string is
only valid for a given namespace. Leaving this at the default
value or re-using a salt value across different parts of your
application without good cause is a security risk.
"""
json = simplejson.dumps(obj, separators=(',', ':'))