Browse files

Fixed #17800 -- Prevented Django from starting without a SECRET_KEY, …

…since that opens a variety of security problems. Thanks PaulM for the report.

git-svn-id: bcc190cf-cafb-0310-a4f2-bffc1f526a37
  • Loading branch information...
1 parent d0f162c commit 45570580839ce2e4e4674b42375dbc1300f91f14 @aaugustin aaugustin committed Mar 1, 2012
Showing with 3 additions and 0 deletions.
  1. +3 −0 django/conf/
@@ -106,6 +106,9 @@ def __init__(self, settings_module):
setting_value = (setting_value,) # In case the user forgot the comma.
setattr(self, setting, setting_value)
+ if not self.SECRET_KEY:
+ raise ValueError("The SECRET_KEY setting mustn't be empty.")
if hasattr(time, 'tzset') and self.TIME_ZONE:
# When we can, attempt to validate the timezone. If we can't find
# this file, no check happens and it's harmless.

0 comments on commit 4557058

Please sign in to comment.