Browse files

Fixed #16285 -- Removed a misleading comment from the signing code, t…

…hanks PaulM.

git-svn-id: bcc190cf-cafb-0310-a4f2-bffc1f526a37
  • Loading branch information...
jezdez committed Jun 26, 2011
1 parent 352b7ff commit 32ea1285abe91da7cc2a11df2c7608c407d51bf0
Showing with 4 additions and 2 deletions.
  1. +4 −2 django/core/
@@ -96,8 +96,10 @@ def dumps(obj, key=None, salt='django.core.signing', compress=False):
save some space. Prepends a '.' to signify compression. This is included
in the signature, to protect against zip bombs.
- Salt can be used to further salt the hash, in case you're worried
- that the NSA might try to brute-force your SHA-1 protected secret.
+ Salt can be used to namespace the hash, so that a signed string is
+ only valid for a given namespace. Leaving this at the default
+ value or re-using a salt value across different parts of your
+ application without good cause is a security risk.
json = simplejson.dumps(obj, separators=(',', ':'))

0 comments on commit 32ea128

Please sign in to comment.