Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Fixed #16078 -- Fixed a few typos in the signing documentation. Thank…

…s, brutasse.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16270 bcc190cf-cafb-0310-a4f2-bffc1f526a37
  • Loading branch information...
commit 4c4e46e64656e6038793e024bc97d0d1afc63d8a 1 parent 17a6bb0
@jezdez jezdez authored
Showing with 15 additions and 7 deletions.
  1. +1 −1  django/core/signing.py
  2. +14 −6 docs/topics/signing.txt
View
2  django/core/signing.py
@@ -96,7 +96,7 @@ def dumps(obj, key=None, salt='django.core.signing', compress=False):
save some space. Prepends a '.' to signify compression. This is included
in the signature, to protect against zip bombs.
- salt can be used to further salt the hash, in case you're worried
+ Salt can be used to further salt the hash, in case you're worried
that the NSA might try to brute-force your SHA-1 protected secret.
"""
json = simplejson.dumps(obj, separators=(',', ':'))
View
20 docs/topics/signing.txt
@@ -31,7 +31,7 @@ Protecting the SECRET_KEY
=========================
When you create a new Django project using :djadmin:`startproject`, the
-``settings.py`` file it generates automatically gets a random
+``settings.py`` file is generated automatically and gets a random
:setting:`SECRET_KEY` value. This value is the key to securing signed
data -- it is vital you keep this secure, or attackers could use it to
generate their own signed values.
@@ -58,7 +58,7 @@ You can retrieve the original value using the ``unsign`` method::
u'My string'
If the signature or value have been altered in any way, a
-``django.core.signing.BadSigature`` exception will be raised::
+``django.core.signing.BadSignature`` exception will be raised::
>>> value += 'm'
>>> try:
@@ -122,10 +122,10 @@ Protecting complex data structures
----------------------------------
If you wish to protect a list, tuple or dictionary you can do so using the
-signing module's dumps and loads functions. These imitate Python's pickle
-module, but uses JSON serialization under the hood. JSON ensures that even
-if your :setting:`SECRET_KEY` is stolen an attacker will not be able to
-execute arbitrary commands by exploiting the pickle format.::
+signing module's ``dumps`` and ``loads`` functions. These imitate Python's
+pickle module, but use JSON serialization under the hood. JSON ensures that
+even if your :setting:`SECRET_KEY` is stolen an attacker will not be able
+to execute arbitrary commands by exploiting the pickle format.::
>>> from django.core import signing
>>> value = signing.dumps({"foo": "bar"})
@@ -133,3 +133,11 @@ execute arbitrary commands by exploiting the pickle format.::
'eyJmb28iOiJiYXIifQ:1NMg1b:zGcDE4-TCkaeGzLeW9UQwZesciI'
>>> signing.loads(value)
{'foo': 'bar'}
+
+.. function:: dumps(obj, key=None, salt='django.core.signing', compress=False)
+
+ Returns URL-safe, sha1 signed base64 compressed JSON string.
+
+.. function:: loads(string, key=None, salt='django.core.signing', max_age=None)
+
+ Reverse of dumps(), raises ``BadSignature`` if signature fails.
Please sign in to comment.
Something went wrong with that request. Please try again.