Security: Make our session secret actually a secret
This is the first of several patches produced by our security audit. It addresses the concerns mentioned here:

http://groups.google.co.nz/group/rubyonrails-core/browse_thread/thread/4d43c1fa2485f3e3/e63662d7d521663e

Note that you will be instructed to run 'rake db:bootstrap:session' when you first try to run Mephisto, and that your session cookie name will change in order to prevent errors about invalid cookie signatures.

Thank you to Isaac for helping me track down the best way to solve this problem.
Showing with 33 additions and 7 deletions.