Author: jezdez
Date: 2011-05-23 06:23:00 -0700 (Mon, 23 May 2011)
New Revision: 16270
Modified:
django/trunk/django/core/signing.py
django/trunk/docs/topics/signing.txt
Log:
Fixed #16078 -- Fixed a few typos in the signing documentation. Thanks,
brutasse.
Modified: django/trunk/django/core/signing.py
===================================================================
--- django/trunk/django/core/signing.py 2011-05-23 01:54:37 UTC (rev 16269)
+++ django/trunk/django/core/signing.py 2011-05-23 13:23:00 UTC (rev 16270)
@@ -96,7 +96,7 @@
save some space. Prepends a '.' to signify compression. This is included
in the signature, to protect against zip bombs.
- salt can be used to further salt the hash, in case you're worried
+ Salt can be used to further salt the hash, in case you're worried
that the NSA might try to brute-force your SHA-1 protected secret.
"""
json = simplejson.dumps(obj, separators=(',', ':'))
Modified: django/trunk/docs/topics/signing.txt
===================================================================
--- django/trunk/docs/topics/signing.txt 2011-05-23 01:54:37 UTC (rev
16269)
+++ django/trunk/docs/topics/signing.txt 2011-05-23 13:23:00 UTC (rev
16270)
@@ -31,7 +31,7 @@
=========================
When you create a new Django project using :djadmin:`startproject`, the
-``settings.py`` file it generates automatically gets a random
+``settings.py`` file is generated automatically and gets a random
:setting:`SECRET_KEY` value. This value is the key to securing signed
data -- it is vital you keep this secure, or attackers could use it to
generate their own signed values.
@@ -58,7 +58,7 @@
u'My string'
If the signature or value have been altered in any way, a
-``django.core.signing.BadSigature`` exception will be raised::
+``django.core.signing.BadSignature`` exception will be raised::
>>> value += 'm'
>>> try:
@@ -122,10 +122,10 @@
----------------------------------
If you wish to protect a list, tuple or dictionary you can do so using the
-signing module's dumps and loads functions. These imitate Python's pickle
-module, but uses JSON serialization under the hood. JSON ensures that even
-if your :setting:`SECRET_KEY` is stolen an attacker will not be able to
-execute arbitrary commands by exploiting the pickle format.::
+signing module's ``dumps`` and ``loads`` functions. These imitate Python's
+pickle module, but use JSON serialization under the hood. JSON ensures that
+even if your :setting:`SECRET_KEY` is stolen an attacker will not be able
+to execute arbitrary commands by exploiting the pickle format.::
>>> from django.core import signing
>>> value = signing.dumps({"foo": "bar"})
@@ -133,3 +133,11 @@
'eyJmb28iOiJiYXIifQ:1NMg1b:zGcDE4-TCkaeGzLeW9UQwZesciI'
>>> signing.loads(value)
{'foo': 'bar'}
+
+.. function:: dumps(obj, key=None, salt='django.core.signing', compress=False)
+
+ Returns URL-safe, sha1 signed base64 compressed JSON string.
+
+.. function:: loads(string, key=None, salt='django.core.signing', max_age=None)
+
+ Reverse of dumps(), raises ``BadSignature`` if signature fails.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/django-updates?hl=en.
