Mirror of https://github.com/django/django.git, synced 2025-10-24 22:26:08 +00:00

	Fixed #20080 - Recommended use of PYTHONHASHSEED
Thanks jacob for the suggestion and ryankask for the patch.
		| @@ -212,3 +212,18 @@ Miscellaneous | ||||
| -------------------------------- | ||||
|  | ||||
| This setting is required if you're using the :ttag:`ssi` template tag. | ||||
|  | ||||
| Python Options | ||||
| ============== | ||||
|  | ||||
| If you're using Python 2.6.8+, it's strongly recommended that you invoke the | ||||
| Python process running your Django application using the `-R`_ option or with | ||||
| the :envvar:`PYTHONHASHSEED` environment variable set to ``random``. | ||||
|  | ||||
| These options help protect your site from denial-of-service (DoS) | ||||
| attacks triggered by carefully crafted inputs. Such an attack can | ||||
| drastically increase CPU usage by causing worst-case performance when | ||||
| creating ``dict`` instances. See `oCERT advisory #2011-003 | ||||
| <http://www.ocert.org/advisories/ocert-2011-003.html>`_ for more information. | ||||
|  | ||||
| .. _-r: http://docs.python.org/2.7/using/cmdline.html#cmdoption-R | ||||
|   | ||||
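Review bot: The version qualifier "Python 2.6.8+" in the first added paragraph is too broad. Hash randomization was introduced in the 2.6.8, 2.7.3, 3.1.5 and 3.2.3 releases, so 2.7.0 through 2.7.2 satisfy "2.6.8+" but accept neither `-R` nor :envvar:`PYTHONHASHSEED`, and a deployer on one of those releases would believe they are protected when they are not. Suggest naming the minimum release per series instead of a single floor. A smaller point: the reference is written `-R`_ while the target is declared as `.. _-r:`. This resolves because reference names are normalized case-insensitively, but spelling the target `.. _-R:` would make the pairing obvious to the next editor.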