我有一个python脚本,需要在执行过程中多次更改django SECRET_KEY。以下是我尝试做的一个例子:
from django.core import signing
# SECRET_KEY = "abc"
print signing.dumps("value")
# SECRET_KEY = "123"
print signing.dumps("value")
# SECRET_KEY = "test"
print signing.dumps("value")
signing.dumps方法需要设置SECRET_KEY,但它似乎没有在脚本中更改它的参数。
我如何在脚本中多次更改SECRET_KEY?
答案 0 :(得分:0)
如果仔细查看dumps method in signing.py,您会看到它接受一个密钥作为签名密钥:
如果key为None,则使用settings.SECRET_KEY。
def dumps(obj, key=None, salt='django.core.signing', serializer=JSONSerializer, compress=False):
"""
Returns URL-safe, sha1 signed base64 compressed JSON string. If key is
None, settings.SECRET_KEY is used instead.
If compress is True (not the default) checks if compressing using zlib can
save some space. Prepends a '.' to signify compression. This is included
in the signature, to protect against zip bombs.
Salt can be used to namespace the hash, so that a signed string is
only valid for a given namespace. Leaving this at the default
value or re-using a salt value across different parts of your
application without good cause is a security risk.
The serializer is expected to return a bytestring.
"""
所以你需要做的就是每次都传递不同的密钥:
SECRET_KEY = "abc"
print signing.dumps("value", key=SECRET_KEY)
SECRET_KEY = "123"
print signing.dumps("value", key=SECRET_KEY)
那就是说,这对我来说是一个坏主意,因为你没有使用默认密钥签名。如果您确实需要签署文本,请使用Signer class创建,并在其中使用新的key实例化对象,并将其用作Signer(key="NEW KEY")。
答案 1 :(得分:0)
两件事:
如果您有一个值,而您正尝试签名,则可以执行以下操作:
from django.core.signing import Signer
signer = Signer()
value = signer.sign('My string')
...然后在表单发布后,您可以验证签名......
try:
original = signer.unsign(value)
except signing.BadSignature:
print("Tampering detected!")