Fixed #95 -- Added SECRET_KEY setting instead of hard-coding keys that are shared for every Django installation. 'django-admin.py startproject' now creates a random SECRET_KEY. The auth and comments modules, and the admin middleware, all use SECRET_KEY now, instead of hard-coded values.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@230 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2025-10-26 07:06:08 +00:00 · 2005-07-20 00:37:45 +00:00
parent 43538e78eb
commit 897d24b220
6 changed files with 32 additions and 21 deletions
--- a/django/conf/global_settings.py
+++ b/django/conf/global_settings.py
@@ -96,6 +96,11 @@ ADMIN_FOR = []
 IGNORABLE_404_STARTS = ('/cgi-bin/', '/_vti_bin', '/_vti_inf')
 IGNORABLE_404_ENDS = ('mail.pl', 'mailform.pl', 'mail.cgi', 'mailform.cgi', 'favicon.ico', '.php')

+# A secret key for this particular Django installation. Used in secret-key
+# hashing algorithms. Set this in your settings, or Django will complain
+# loudly.
+SECRET_KEY = ''
+
 ##############
 # MIDDLEWARE #
 ##############