Chris Moffitt avatar Chris Moffitt committed 6b4d47f

minor doc changes.

Comments (0)

Files changed (1)

 
     python manage.py runserver
 
-Dislayed values can be limited to only one group if you display `group settings <http://127.0.0.1:8000/settings/MyApp>`_ ::
-where `MyApp` is the key name of the displayed group.
+Dislayed values can be limited to only one group. For example, using the following url: `group settings <http://127.0.0.1:8000/settings/MyApp>`_ ::
+where `MyApp` is the key name of the displayed group, will limit the group to only `MyApp`.
     
 Accessing your value in a view
 ------------------------------
 Permissions for insert, delete or permission for longsetting are ignored and only the above-mentioned permission is used.
 The same permission is needed to read values.
 
-All views in livesettings support CSRF regardless of enabled or disabled CsrfViewMiddleware,
-because of the security significance of livesettings comparable to Django Admin.
+.. Note::
+    Because of the security significance of livesettings, all views in livesettings support CSRF regardless of whether or not the 
+    CsrfViewMiddleware is enabled or disabled.
 
 If you want store sensitive information to livesettings on production site, e.g. a login password for a payment gateway to verify payments,
-it can be recommended to remove permission to livesettings at least from users which are beeing logged everyday including yourself,
-or the most secure is to export them and disable livesettings as described below.
-Exporting settings itself is allowed only to the superuser.
+we recommend removing permissions to livesettings at least from users which are logging in everyday. The most secure method is to export the settings and disable livesettings as described below.
+Exporting settings itself is allowed only by the superuser.
 
 For password values it is recommended to define them by PasswordValue(... render_value=False)
-to be actual password not re-echoed to browser.
-Thought passwords are hidden by asterisks to human reader in the web browser, should be considered accessibility by attacker's javascripts.
+so that the actual password is not re-echoed to the browser.
+Though passwords are hidden by asterisks to human reader, they should still be considered accessible by attacker's javascripts. In other words,
+if a user can view the password fields, they could determine the
 
 Exporting Settings
 ------------------
Tip: Filter by directory path e.g. /media app.js to search for public/media/app.js.
Tip: Use camelCasing e.g. ProjME to search for ProjectModifiedEvent.java.
Tip: Filter by extension type e.g. /repo .js to search for all .js files in the /repo directory.
Tip: Separate your search with spaces e.g. /ssh pom.xml to search for src/ssh/pom.xml.
Tip: Use ↑ and ↓ arrow keys to navigate and return to view the file.
Tip: You can also navigate files with Ctrl+j (next) and Ctrl+k (previous) and view the file with Ctrl+o.
Tip: You can also navigate files with Alt+j (next) and Alt+k (previous) and view the file with Alt+o.