-
Notifications
You must be signed in to change notification settings - Fork 21.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
add documentation for config.active_support.use_authenticated_message_encryption #33172
add documentation for config.active_support.use_authenticated_message_encryption #33172
Conversation
Thanks for the pull request, and welcome! The Rails team is excited to review your changes, and you should hear from @sgrif (or someone else) soon. If any changes to this PR are deemed necessary, please add them as extra commits. This ensures that the reviewer can see what has changed since they last reviewed the code. Due to the way GitHub handles out-of-date commits, this should also make it reasonably obvious what issues have or haven't been addressed. Large or tricky changes may require several passes of review and changes. This repository is being automatically checked for code quality issues using Code Climate. You can see results for this analysis in the PR status below. Newly introduced issues should be fixed before a Pull Request is considered ready to review. Please see the contribution instructions for more information. |
guides/source/configuring.md
Outdated
@@ -707,6 +707,8 @@ There are a few configuration options available in Active Support: | |||
|
|||
* `config.active_support.use_sha1_digests` specifies whether to use SHA-1 instead of MD5 to generate non-sensitive digests, such as the ETag header. Defaults to false. | |||
|
|||
* `config.active_support.use_authenticated_message_encryption` Use AES-256-GCM authenticated encryption as default cipher for encrypting messages instead of AES-256-CBC. Defaults to true. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
How about making it a sents, like the items around it?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is it set to true by default when you upgrade, or only in a new app?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's in the new defaults for rails 5.2. This is a copy and paste from the upgrade initializer generated with rails app:update.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
guides/source/configuring.md
Outdated
@@ -707,6 +707,8 @@ There are a few configuration options available in Active Support: | |||
|
|||
* `config.active_support.use_sha1_digests` specifies whether to use SHA-1 instead of MD5 to generate non-sensitive digests, such as the ETag header. Defaults to false. | |||
|
|||
* `config.active_support.use_authenticated_message_encryption` specifies whether to use AES-256-GCM authenticated encryption as the default cipher for encrypting messages instead of AES-256-CBC. Defaults to true. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The default is false
.
cattr_accessor :use_authenticated_message_encryption, instance_accessor: false, default: false |
But this is enabled when defaults for Rails 5.2 is loaded.
Therefore, I think that
This is false by default, but enabled when loading defaults for Rails 5.2.
is better.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Wow, that is extremely confusing. I updated the docs to the suggested wording.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@y-yagi I think there is talk about default configurations, we probably should detect default value in
https://github.com/rails/rails/blob/master/railties/lib/rails/application/configuration.rb#L106. It is true
there.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The value is set only when 5.2
(or upper) is specified for load_defaults
.
It is set in the newly created application, but it is not always specified when upgrading from the old version.
(I think that there are more applications in which it is not specified.)
Anyway, there is a possibility that it may not be set, so I think that the default should state the exact value.
Otherwise, users using applications not specifying it will get confused.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we may need to be more elaborate about this. The current wording is confusing, as it uses by default
right next to defaults for Rails 5.2
, which sound similar, to mean opposite things, without any additional explanation.
…_encryption [ci skip] related to #33170
@thomasdziedzic-pd Thanks! |
…d_message_encryption-documentation add documentation for config.active_support.use_authenticated_message_encryption
Backported to 5-2-stable 63f9258. |
related to #33170