add documentation for config.active_support.use_authenticated_message_encryption #33172
Conversation
|
Thanks for the pull request, and welcome! The Rails team is excited to review your changes, and you should hear from @sgrif (or someone else) soon. If any changes to this PR are deemed necessary, please add them as extra commits. This ensures that the reviewer can see what has changed since they last reviewed the code. Due to the way GitHub handles out-of-date commits, this should also make it reasonably obvious what issues have or haven't been addressed. Large or tricky changes may require several passes of review and changes. This repository is being automatically checked for code quality issues using Code Climate. You can see results for this analysis in the PR status below. Newly introduced issues should be fixed before a Pull Request is considered ready to review. Please see the contribution instructions for more information. |
guides/source/configuring.md
Outdated
| @@ -707,6 +707,8 @@ There are a few configuration options available in Active Support: | |||
|
|
|||
| * `config.active_support.use_sha1_digests` specifies whether to use SHA-1 instead of MD5 to generate non-sensitive digests, such as the ETag header. Defaults to false. | |||
|
|
|||
| * `config.active_support.use_authenticated_message_encryption` Use AES-256-GCM authenticated encryption as default cipher for encrypting messages instead of AES-256-CBC. Defaults to true. | |||
There was a problem hiding this comment.
How about making it a sents, like the items around it?
There was a problem hiding this comment.
Is it set to true by default when you upgrade, or only in a new app?
There was a problem hiding this comment.
It's in the new defaults for rails 5.2. This is a copy and paste from the upgrade initializer generated with rails app:update.
guides/source/configuring.md
Outdated
| @@ -707,6 +707,8 @@ There are a few configuration options available in Active Support: | |||
|
|
|||
| * `config.active_support.use_sha1_digests` specifies whether to use SHA-1 instead of MD5 to generate non-sensitive digests, such as the ETag header. Defaults to false. | |||
|
|
|||
| * `config.active_support.use_authenticated_message_encryption` specifies whether to use AES-256-GCM authenticated encryption as the default cipher for encrypting messages instead of AES-256-CBC. Defaults to true. | |||
There was a problem hiding this comment.
The default is false.
But this is enabled when defaults for Rails 5.2 is loaded.
Therefore, I think that
This is false by default, but enabled when loading defaults for Rails 5.2. is better.
There was a problem hiding this comment.
Wow, that is extremely confusing. I updated the docs to the suggested wording.
There was a problem hiding this comment.
@y-yagi I think there is talk about default configurations, we probably should detect default value in
https://github.com/rails/rails/blob/master/railties/lib/rails/application/configuration.rb#L106. It is true there.
There was a problem hiding this comment.
The value is set only when 5.2(or upper) is specified for load_defaults.
It is set in the newly created application, but it is not always specified when upgrading from the old version.
(I think that there are more applications in which it is not specified.)
Anyway, there is a possibility that it may not be set, so I think that the default should state the exact value.
Otherwise, users using applications not specifying it will get confused.
There was a problem hiding this comment.
I think we may need to be more elaborate about this. The current wording is confusing, as it uses by default right next to defaults for Rails 5.2, which sound similar, to mean opposite things, without any additional explanation.
…_encryption [ci skip] related to #33170
|
@thomasdziedzic-pd Thanks! |
thomasdziedzic-pd
deleted the
add-use_authenticated_message_encryption-documentation
branch
…d_message_encryption-documentation add documentation for config.active_support.use_authenticated_message_encryption
|
Backported to 5-2-stable 63f9258. |
related to #33170