flo/nsupdate.info
1
0
Fork 0
Code Issues 1 Pull Requests 2 Packages Releases Activity

clarify how the SECRET_KEY is setup, we don't have a builtin (not secret) SECRET_KEY any more

Browse Source
This commit is contained in:
Thomas Waldmann 2013-11-17 02:08:02 +01:00
parent cb89967189
commit fe96c21592
1 changed files with 11 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
docs/security.rst
View File

@ -161,5 +161,14 @@ For Django >=1.6 json will be the default rather than the less safe pickle forma
Django's SECRET_KEY Django's SECRET_KEY
=================== ===================
Well, it needs to be secret, so don't just keep the value from our settings.py, Django's SECRET_KEY needs to be a long, random and secret string (it is
but define a really secret one in your local_settings.py. usually set up by the administrator of the site).
The builtin default settings will try to read SECRET_KEY from an environment
variable of same name. If there is no such environment variable, the SECRET_KEY
will be undefined.
You can also define the SECRET_KEY in your local_settings.py.
If you do not define a SECRET_KEY by one of these methods, the application
will refuse to start and give you an error, that a SECRET_KEY is required.