Moved session key and session secret into the database.yml file

kennethkalmer · Sep 27, 2008 · b2ff941 · b2ff941
1 parent 3d8bb05
commit b2ff941
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 3 deletions.
diff --git a/config/database.yml b/config/database.yml
@@ -1,10 +1,20 @@
-# MySQL
+# You'll need to configure this file for the appropriate environment before
+# you run PowerDNS on Rails. In a production environment, please ensure you
+# change the session_key and session_secret values as well, or risk having your
+# sessions hijacked and system compromized.
+# 
+# For more information visit the following link:
+# http://groups.google.com/group/rubyonrails-core/browse_thread/thread/4d43c1fa2485f3e3?hl=en
+
+# MySQL development
 development:
   adapter: mysql
   database: powerdns_development
   host: localhost
   username: root
   password:
+  session_key: powerdns-on-rails
+  session_secret: 66eo7n4q549cbtj3ckhoerk9p55ndqlj8rw3lmujz1oapvwsqj9g5d7y2q9c416b
 
 # Warning: The database defined as 'test' will be erased and
 # re-generated from your development database when you run 'rake'.
@@ -15,10 +25,14 @@ test:
   host: localhost
   username: root
   password:
+  session_key: powerdns-on-rails
+  session_secret: 3buztwu7ui3f22rmmzrokb1pd4tzbo1kf3iqrlm4o98vfujg7z4usww4jfbu8zwl
 
 production:
   adapter: mysql
   database: powerdns_production
   host: localhost
   username: root
   password: dont-use-root-here
+  session_key: powerdns-on-rails
+  session_secret: k76uz8mgi52jshrb61vwjnvwhdwa9lmd1l2s98h1u6ni1anlhtaaor6it5m6jmlo
diff --git a/config/environment.rb b/config/environment.rb
@@ -9,6 +9,7 @@
 
 # Bootstrap the Rails environment, frameworks, and default configuration
 require File.join(File.dirname(__FILE__), 'boot')
+require 'yaml'
 
 Rails::Initializer.run do |config|
   # Settings in config/environments/* take precedence over those specified here.
@@ -39,9 +40,10 @@
   # If you change this key, all old sessions will become invalid!
   # Make sure the secret is at least 30 characters and all random, 
   # no regular words or you'll be exposed to dictionary attacks.
+  db_cfg = YAML::load_file( File.join(RAILS_ROOT, 'config', 'database.yml') )
   config.action_controller.session = {
-    :session_key => '_bind-dlz-on-rails_session',
-    :secret      => 'a11676991448e5fbf9cd0849fc4dbf143fbf5ec17a7d3d555d7f8daddda7189f1c0a348b37fa5acfc74db9184448219d44b9c062b12d26832e5c9af610775b51'
+    :session_key => db_cfg[RAILS_ENV]['session_key'],
+    :secret      => db_cfg[RAILS_ENV]['session_secret']
   }
 
   # Use the database for sessions instead of the cookie-based default,