forked from technoweenie/mephisto
Commit
Security: Make our session secret actually a secret
This is the first of several patches produced by our security audit. It addresses the concerns mentioned here: http://groups.google.co.nz/group/rubyonrails-core/browse_thread/thread/4d43c1fa2485f3e3/e63662d7d521663e Note that you will be instructed to run 'rake db:bootstrap:session' when you first try to run Mephisto, and that your session cookie name will change in order to prevent errors about invalid cookie signatures. Thank you to Isaac for helping me track down the best way to solve this problem.
Showing 3 changed files with 33 additions and 7 deletions.
d558ba1
Instead of simply raising an error like this:
rake aborted!
unexpected return
The session_store.rb should probably be overwritten in the `rake --trace db:bootstrap:session` every time that it is run, instead of failing with an unhelpful message.
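As an added illustration of the kind of bootstrap task the commit message and the comment above discuss, not code from the Mephisto commit itself: a Ruby sketch that generates a per-deployment session secret, writes a Rails 2.x style session_store.rb, and flags obvious placeholder secrets. The cookie name, the file layout, the placeholder patterns and the "keep the existing secret unless forced" behaviour are all assumptions of this example.

```ruby
require 'securerandom'
require 'fileutils'
require 'tmpdir'

# Assumed cookie name (the commit changes the real one so cookies signed
# with the old, shared secret are rejected cleanly).
SESSION_KEY = '_mephisto_session_example'

# Rails 2.x CookieStore refuses secrets shorter than 30 characters;
# we generate 64 random bytes, hex-encoded (128 characters).
MIN_SECRET_LENGTH = 30

def generate_session_secret(bytes = 64)
  SecureRandom.hex(bytes)
end

# Catches short secrets and a constructed list of obvious placeholders.
# It cannot tell that a long random-looking value was copied from a public
# repository, which is exactly the problem the commit fixes.
def weak_secret?(secret)
  s = secret.to_s
  s.length < MIN_SECRET_LENGTH || s.match?(/\A(changeme|secret|password|x+|0+)\z/i)
end

def session_store_config(key, secret)
  <<~RUBY
    # Generated by rake db:bootstrap:session. Do not commit this file.
    ActionController::Base.session = {
      :key    => '#{key}',
      :secret => '#{secret}'
    }
  RUBY
end

# Writes the initializer and returns the secret now in effect. An existing
# file is kept unless force: true, so a deployment's secret is not silently
# rotated (which would invalidate every live session).
def bootstrap_session_store(path, force: false)
  if File.exist?(path) && !force
    return File.read(path)[/:secret => '([0-9a-f]+)'/, 1]
  end
  secret = generate_session_secret
  FileUtils.mkdir_p(File.dirname(path))
  File.write(path, session_store_config(SESSION_KEY, secret))
  File.chmod(0600, path) # readable only by the deploying user
  secret
end
```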