mirrors
/
django
mirror of https://github.com/django/django.git
1
0
Fork 0
Code Issues 24 Releases Wiki Activity

Fixed #16078 -- Fixed a few typos in the signing documentation. Thanks, brutasse. 

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16270 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
Jannis Leidel 2011-05-23 13:23:00 +00:00
parent 17a6bb0f70
commit 4c4e46e646
2 changed files with 15 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
django/core/signing.py
View File

@ -96,7 +96,7 @@ def dumps(obj, key=None, salt='django.core.signing', compress=False):
save some space. Prepends a '.' to signify compression. This is included save some space. Prepends a '.' to signify compression. This is included
in the signature, to protect against zip bombs. in the signature, to protect against zip bombs.
salt can be used to further salt the hash, in case you're worried Salt can be used to further salt the hash, in case you're worried
that the NSA might try to brute-force your SHA-1 protected secret. that the NSA might try to brute-force your SHA-1 protected secret.
""" """
json = simplejson.dumps(obj, separators=(',', ':')) json = simplejson.dumps(obj, separators=(',', ':'))

20
docs/topics/signing.txt
View File

@ -31,7 +31,7 @@ Protecting the SECRET_KEY
========================= =========================
When you create a new Django project using :djadmin:`startproject`, the When you create a new Django project using :djadmin:`startproject`, the
``settings.py`` file it generates automatically gets a random ``settings.py`` file is generated automatically and gets a random
:setting:`SECRET_KEY` value. This value is the key to securing signed :setting:`SECRET_KEY` value. This value is the key to securing signed
data -- it is vital you keep this secure, or attackers could use it to data -- it is vital you keep this secure, or attackers could use it to
generate their own signed values. generate their own signed values.
@ -58,7 +58,7 @@ You can retrieve the original value using the ``unsign`` method::
u'My string' u'My string'
If the signature or value have been altered in any way, a If the signature or value have been altered in any way, a
``django.core.signing.BadSigature`` exception will be raised:: ``django.core.signing.BadSignature`` exception will be raised::
>>> value += 'm' >>> value += 'm'
>>> try: >>> try:
@ -122,10 +122,10 @@ Protecting complex data structures
---------------------------------- ----------------------------------
If you wish to protect a list, tuple or dictionary you can do so using the If you wish to protect a list, tuple or dictionary you can do so using the
signing module's dumps and loads functions. These imitate Python's pickle signing module's ``dumps`` and ``loads`` functions. These imitate Python's
module, but uses JSON serialization under the hood. JSON ensures that even pickle module, but use JSON serialization under the hood. JSON ensures that
if your :setting:`SECRET_KEY` is stolen an attacker will not be able to even if your :setting:`SECRET_KEY` is stolen an attacker will not be able
execute arbitrary commands by exploiting the pickle format.:: to execute arbitrary commands by exploiting the pickle format.::
>>> from django.core import signing >>> from django.core import signing
>>> value = signing.dumps({"foo": "bar"}) >>> value = signing.dumps({"foo": "bar"})
@ -133,3 +133,11 @@ execute arbitrary commands by exploiting the pickle format.::
'eyJmb28iOiJiYXIifQ:1NMg1b:zGcDE4-TCkaeGzLeW9UQwZesciI' 'eyJmb28iOiJiYXIifQ:1NMg1b:zGcDE4-TCkaeGzLeW9UQwZesciI'
>>> signing.loads(value) >>> signing.loads(value)
{'foo': 'bar'} {'foo': 'bar'}
.. function:: dumps(obj, key=None, salt='django.core.signing', compress=False)
Returns URL-safe, sha1 signed base64 compressed JSON string.
.. function:: loads(string, key=None, salt='django.core.signing', max_age=None)
Reverse of dumps(), raises ``BadSignature`` if signature fails.