mirror of
https://github.com/django/django.git
synced 2024-11-30 07:06:18 +01:00
Fixed #16285 -- Removed a misleading comment from the signing code, thanks PaulM.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16458 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
parent
352b7ffaf0
commit
32ea1285ab
@ -96,8 +96,10 @@ def dumps(obj, key=None, salt='django.core.signing', compress=False):
|
||||
save some space. Prepends a '.' to signify compression. This is included
|
||||
in the signature, to protect against zip bombs.
|
||||
|
||||
Salt can be used to further salt the hash, in case you're worried
|
||||
that the NSA might try to brute-force your SHA-1 protected secret.
|
||||
Salt can be used to namespace the hash, so that a signed string is
|
||||
only valid for a given namespace. Leaving this at the default
|
||||
value or re-using a salt value across different parts of your
|
||||
application without good cause is a security risk.
|
||||
"""
|
||||
json = simplejson.dumps(obj, separators=(',', ':'))
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user