问题
This question is related to: Unique Salt per User using Flask-Security, but I'm more concerned with removing this error message.
The linked question established that flask-security uses per-user salts, which is good since a global salt is pointless.
So my question is what's the point of this configuration variable, and what should I set it to to resolve this error? Does it matter what I set it to?
I don't think I need a global salt since flask-security uses passlib which takes care of salts for me.
(The error message in the title occurs even when copying the example straight from the docs: (peewee example))
回答1:
The global "salt" you specify in SECURITY_PASSWORD_SALT is combined with the unique salt generated for each password that gets created. That combined value is then used to salt the password when it gets hashed. So yes, you do need to set this, it's not a spurious error.
(Others have noted that it's quite confusing to refer to this as a salt, when that strongly implies that the value in this variable is going to be used to salt the password for every user. Fortunately, that's not what happens.)
Here are some options for generating a random string.
来源:https://stackoverflow.com/questions/52662675/security-password-salt-must-not-be-none-flask-security