Django SECRET_KEY risks [closed]

Tags: python, django

In terms of security, what could an attacker do if he knows the SECRET_KEY? Is there any imminent danger?

Michael asked Nov 04 '12 19:11


1 Answer

Well, from the manual:

Running Django with a known SECRET_KEY defeats many of Django's security protections, and can lead to privilege escalation and remote code execution vulnerabilities.

I'm not sure how it could do those things (i.e. exactly how the secret key is used). Most likely it could lead to identity verification issues. If Django is actually using it to somehow provide https transport, then anyone able to sniff traffic could decrypt the traffic.

CrazyCasta answered Nov 15 '22 06:11
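Added example, not part of the original answer and not Django's own code: Django uses SECRET_KEY as an HMAC signing key for values it hands to the client (signed cookies, password reset tokens and similar), not as a transport encryption key. The simplified signer below uses constructed keys and a hypothetical `value:signature` format to show that verification rests entirely on the key staying secret, and that rotating the key invalidates everything signed under the old one.

```python
import base64
import hashlib
import hmac

# Constructed sample keys for illustration; a real SECRET_KEY is long and random.
OLD_KEY = "constructed-old-key-that-was-exposed"
NEW_KEY = "constructed-new-key-after-rotation"


class BadSignature(Exception):
    """Raised when a signed value fails verification."""


def _mac(key, salt, value):
    # Derive a per-purpose key from salt + secret, then HMAC the value with it.
    derived = hashlib.sha256((salt + key).encode()).digest()
    digest = hmac.new(derived, value.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()


def sign(value, key, salt="example.session"):
    # Hypothetical wire format: "<value>:<signature>".
    return f"{value}:{_mac(key, salt, value)}"


def unsign(signed, keys, salt="example.session"):
    # Accept the value only if its signature matches one of the accepted keys.
    value, sep, sig = signed.rpartition(":")
    if not sep:
        raise BadSignature("no signature present")
    for key in keys:
        if hmac.compare_digest(sig.encode(), _mac(key, salt, value).encode()):
            return value
    raise BadSignature("signature does not match any accepted key")


def is_valid(signed, keys, salt="example.session"):
    try:
        unsign(signed, keys, salt)
        return True
    except BadSignature:
        return False


if __name__ == "__main__":
    token = sign("user_id=42", OLD_KEY)
    print("valid under old key:      ", is_valid(token, [OLD_KEY]))
    print("valid after rotation:     ", is_valid(token, [NEW_KEY]))
    print("valid with old as fallback:", is_valid(token, [NEW_KEY, OLD_KEY]))
```

After an exposure, the old key should be replaced outright rather than kept in the accepted list, since any value signed with it would otherwise still verify.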