forked from rails/rails
Commit
Add common secret names to filter parameters defaults.
This configuration is often used by extensions for filtering of Rails session and environment data, for example:

* smartinez87/exception_notification#182
* bugsnag/bugsnag-ruby@7d40acb

As a result, they tend to be insecure until they are explicitly patched. In the event of exception notification, this has not happened even after the insecure defaults being present for many years.

The risk of these names being used for non-secret values is very low, compared to the high and demonstrated risk of secrets leaking via a common extension pattern.
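As an added illustration of the point the commit message makes (this is example code, not Rails' own `ActiveSupport::ParameterFilter` and not part of the commit), the snippet below approximates the partial-name matching that `filter_parameters` performs and applies it to a constructed params hash and a constructed session hash of the kind an exception notifier would capture. It compares a narrow default that only redacts `password` against a broadened list of secret-name fragments; that broadened list, the sample data, and the helper names are constructed for this example and are not necessarily the exact list the commit adds.

```ruby
# Stand-in for Rails' filter_parameters matching (example only, not Rails code).
FILTERED = "[FILTERED]".freeze

# Narrow default (illustrative): only keys containing "password" are redacted.
NARROW_FILTERS = [:password].freeze

# Broadened default (constructed for this example): fragments of common secret
# names. Matching is by case-insensitive substring, so "api_token" and
# "_csrf_token" both match :token, and "secret_key_base" matches :secret.
BROAD_FILTERS = [:passw, :secret, :token, :_key, :crypt, :salt,
                 :certificate, :otp, :ssn].freeze

# Constructed sample of request params an error reporter might capture.
SAMPLE_PARAMS = {
  "user" => { "email" => "alice@example.com", "password" => "hunter2" },
  "api_token" => "tok_constructed_123",
  "otp_code" => "482913",
}.freeze

# Constructed sample of session data an error reporter might capture.
SAMPLE_SESSION = {
  "session_id" => "sid_constructed",
  "_csrf_token" => "csrf_constructed",
  "secret_key_base" => "skb_constructed",
}.freeze

# True if the key name contains any filter fragment (case-insensitive).
def filtered_key?(key, filters)
  name = key.to_s.downcase
  filters.any? { |fragment| name.include?(fragment.to_s.downcase) }
end

# Recursively replaces values whose keys match a filter, keeping structure.
def filter_params(data, filters)
  case data
  when Hash
    data.each_with_object({}) do |(key, value), out|
      out[key] = filtered_key?(key, filters) ? FILTERED : filter_params(value, filters)
    end
  when Array
    data.map { |value| filter_params(value, filters) }
  else
    data
  end
end

# Flattens nested hashes into "a.b.c" => value for easy comparison.
def flatten_paths(data, prefix = [], acc = {})
  if data.is_a?(Hash)
    data.each { |key, value| flatten_paths(value, prefix + [key.to_s], acc) }
  else
    acc[prefix.join(".")] = data
  end
  acc
end

# Keys that the broad list redacts but the narrow list leaves in the clear:
# exactly the secrets that leak when an extension relies on a narrow default.
def leaked_by_narrow_default(data, narrow, broad)
  narrow_view = flatten_paths(filter_params(data, narrow))
  broad_view = flatten_paths(filter_params(data, broad))
  broad_view.select { |path, value| value == FILTERED && narrow_view[path] != FILTERED }.keys
end

if __FILE__ == $PROGRAM_NAME
  puts "params leaked under narrow default:  #{leaked_by_narrow_default(SAMPLE_PARAMS, NARROW_FILTERS, BROAD_FILTERS).inspect}"
  puts "session leaked under narrow default: #{leaked_by_narrow_default(SAMPLE_SESSION, NARROW_FILTERS, BROAD_FILTERS).inspect}"
end
```

The comparison function is the useful check when auditing an error reporter or log pipeline: run it over a representative params and session capture with the filter list the integration actually ships, and any key it returns is a secret that would reach the notification backend. Note that substring matching on key names is deliberately coarse; a key such as `HTTP_AUTHORIZATION` matches none of the fragments above and would still need an explicit entry.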
Parent: d849f42
Commit: 9ba8f70
Showing 3 changed files with 10 additions and 2 deletions.