Fixed #16285 -- Removed a misleading comment from the signing code, thanks PaulM.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16458 bcc190cf-cafb-0310-a4f2-bffc1f526a37
commit 32ea1285abe91da7cc2a11df2c7608c407d51bf0 1 parent 352b7ff
@jezdez jezdez authored
Showing with 4 additions and 2 deletions.
  1. +4 −2 django/core/signing.py
6 django/core/signing.py
@@ -96,8 +96,10 @@ def dumps(obj, key=None, salt='django.core.signing', compress=False):
save some space. Prepends a '.' to signify compression. This is included
in the signature, to protect against zip bombs.
- Salt can be used to further salt the hash, in case you're worried
- that the NSA might try to brute-force your SHA-1 protected secret.
+ Salt can be used to namespace the hash, so that a signed string is
+ only valid for a given namespace. Leaving this at the default
+ value or re-using a salt value across different parts of your
+ application without good cause is a security risk.
"""
json = simplejson.dumps(obj, separators=(',', ':'))
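
Review bot: The replacement text in the `dumps()` docstring calls default or re-used salts "a security risk" without saying what the risk is, so a caller cannot tell what to do differently. Suggest stating the consequence directly, for example that a string signed for one purpose will also validate anywhere else that uses the same salt, and recommending a distinct salt value per use. Because the signature in the hunk header still defaults to `salt='django.core.signing'`, callers who omit the argument end up in the shared namespace the text warns about; the docstring should say that explicitly. Minor: "namespace the hash" would read more precisely as "namespace the signature", matching the wording of the context line above it.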