What is the purpose of the Django "SECRET_KEY" setting?

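I have googled this a few times and looked at the documentation (https://docs.djangoproject.com/en/dev/ref/settings/#secret-key), but I am looking for a more in-depth explanation of it and of why it is needed.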

For example, what would happen if the key were compromised, or someone else knew what it was?

It is used for making hashes. Look:

> grep -Inr SECRET_KEY *
conf/global_settings.py:255:SECRET_KEY = ''
conf/project_template/settings.py:61:SECRET_KEY = ''
contrib/auth/tokens.py:54:hash = sha_constructor(settings.SECRET_KEY + unicode(user.id) +
contrib/comments/forms.py:86:info = (content_type, object_pk, timestamp, settings.SECRET_KEY)
contrib/formtools/utils.py:15:order, pickles the result with the SECRET_KEY setting, then takes an md5
contrib/formtools/utils.py:32:data.append(settings.SECRET_KEY)
contrib/messages/storage/cookie.py:112:SECRET_KEY, modified to make it unique for the present purpose.
contrib/messages/storage/cookie.py:114:key = 'django.contrib.messages' + settings.SECRET_KEY
contrib/sessions/backends/base.py:89:pickled_md5 = md5_constructor(pickled + settings.SECRET_KEY).hexdigest()
contrib/sessions/backends/base.py:95:if md5_constructor(pickled + settings.SECRET_KEY).hexdigest() != tamper_check:
contrib/sessions/backends/base.py:134:# Use settings.SECRET_KEY as added salt.
contrib/sessions/backends/base.py:143:settings.SECRET_KEY)).hexdigest()
contrib/sessions/models.py:16:pickled_md5 = md5_constructor(pickled + settings.SECRET_KEY).hexdigest()
contrib/sessions/models.py:59:if md5_constructor(pickled + settings.SECRET_KEY).hexdigest() != tamper_check:
core/management/commands/startproject.py:32:# Create a random SECRET_KEY hash, and put it in the main settings.
core/management/commands/startproject.py:37:settings_contents = re.sub(r"(?<=SECRET_KEY = ')'", secret_key + "'", settings_contents)
middleware/csrf.py:38:% (randrange(0, _MAX_CSRF_KEY), settings.SECRET_KEY)).hexdigest()
middleware/csrf.py:41:return md5_constructor(settings.SECRET_KEY + session_id).hexdigest()

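The tamper check that the grep hits point at, written out as an added example (not part of the original answer and not Django's own code): it shows the `md5(payload + SECRET_KEY)` pattern from the session lines beside an HMAC-SHA256 version with a per-purpose key, and what each check accepts or rejects, including the case the question asks about. The function names, the purpose strings, the sample key and the JSON payload (used here instead of pickle) are assumptions made for the illustration.

```python
import hashlib
import hmac
import json

SECRET_KEY = "constructed-demo-key-not-a-real-secret"  # constructed sample value


def legacy_sign(payload: bytes, secret: str) -> str:
    """Tamper check in the style of the grep hits: md5(payload + SECRET_KEY)."""
    return hashlib.md5(payload + secret.encode()).hexdigest()


def derive_key(purpose: str, secret: str) -> bytes:
    """Per-purpose key, in the spirit of 'django.contrib.messages' + SECRET_KEY."""
    return hashlib.sha256((purpose + secret).encode()).digest()


def sign(payload: bytes, purpose: str, secret: str = SECRET_KEY) -> str:
    """Hardened form (assumption of this example): HMAC-SHA256 under a purpose key."""
    return hmac.new(derive_key(purpose, secret), payload, hashlib.sha256).hexdigest()


def verify(payload: bytes, tag: str, purpose: str, secret: str = SECRET_KEY) -> bool:
    """Recompute the tag server-side and compare in constant time."""
    return hmac.compare_digest(sign(payload, purpose, secret), tag)


def demo() -> dict:
    session = json.dumps({"user_id": 42, "is_staff": False}).encode()  # constructed
    tag = sign(session, "demo.sessions")
    tampered = session.replace(b"false", b"true")
    guessed = sign(tampered, "demo.sessions", "wrong-guess")
    return {
        "untouched_verifies": verify(session, tag, "demo.sessions"),
        "tampered_rejected": not verify(tampered, tag, "demo.sessions"),
        "legacy_detects_tamper": legacy_sign(session, SECRET_KEY) != legacy_sign(tampered, SECRET_KEY),
        # A tag issued for one purpose must not validate for another.
        "cross_purpose_rejected": not verify(session, tag, "demo.messages"),
        # Without the key, a client cannot produce a tag the server accepts...
        "wrong_key_rejected": not verify(tampered, guessed, "demo.sessions"),
        # ...but whoever holds the key can, so a leaked key has to be rotated.
        "key_holder_accepted": verify(tampered, sign(tampered, "demo.sessions"), "demo.sessions"),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

Every signed value rests on the key alone, so rotating it after a leak invalidates all tags issued under the old key.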