
Security: keep the Rails secret token out of version control.

Merged gitlab-qa-bot requested to merge github/fork/smashwilson/generate-secret into master

Created by: smashwilson

This patch stores the secret token in a .gitignored file called ".secret", which is created by the initializer if it doesn't exist. This keeps the Rails session token out of version control and deals with a security vulnerability.

For reference:

http://blog.phusion.nl/2013/01/04/securing-the-rails-session-secret/

http://blog.codeclimate.com/blog/2013/03/27/rails-insecure-defaults/ (Item 3)
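The approach described above, as an added Ruby example that is not the code from this merge request. Only the `.secret` file name comes from the description; the helper names `load_or_create_secret` and `listed_in_gitignore?`, the 128-character hex format and the 0600 file mode are assumptions of this example.

```ruby
require 'securerandom'
require 'tmpdir'

TOKEN_HEX_LENGTH = 128 # SecureRandom.hex(64) yields 128 hex characters (assumed format)

# Return the token stored at +path+, generating it on first use.
# +path+ stands in for the ".secret" file in the application root.
def load_or_create_secret(path)
  begin
    # CREAT|EXCL fails if the file already exists, so two processes booting at
    # once cannot both write a token; 0600 keeps it from other local users.
    File.open(path, File::WRONLY | File::CREAT | File::EXCL, 0o600) do |f|
      f.write(SecureRandom.hex(64))
    end
  rescue Errno::EEXIST
    # Generated by an earlier boot or by a concurrent process.
  end

  token = File.read(path).strip
  # Fail closed: an empty or truncated file must never become the session key.
  unless token.match?(/\A\h{#{TOKEN_HEX_LENGTH}}\z/)
    raise "#{path} does not hold a #{TOKEN_HEX_LENGTH}-character hex token"
  end
  token
end

# True when +name+ is a literal line in +dir+/.gitignore. Glob patterns are
# not expanded, so this is a boot-time sanity check, not a git ignore parser.
def listed_in_gitignore?(dir, name)
  gitignore = File.join(dir, '.gitignore')
  File.exist?(gitignore) &&
    File.readlines(gitignore, chomp: true).map(&:strip).include?(name)
end

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir do |root| # constructed stand-in for the application root
    File.write(File.join(root, '.gitignore'), ".secret\n")
    path = File.join(root, '.secret')
    first = load_or_create_secret(path)
    again = load_or_create_secret(path)
    puts "token stable across boots: #{first == again}"
    puts "listed in .gitignore: #{listed_in_gitignore?(root, '.secret')}"
  end
end
```

In a Rails initializer the returned value would be assigned to the application's `config.secret_token`.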

Activity

  • Created by: coveralls

    Coverage Status

    Coverage decreased (-0%) when pulling e444c7f6 on smashwilson:generate-secret into c5de01f8 on gitlabhq:master.

    By Administrator on 2013-05-23T00:47:21 (imported from GitLab project)


  • Created by: senny

    @randx @dosire please take a look.

    By Administrator on 2013-05-23T05:42:29 (imported from GitLab project)


  • Created by: dzaporozhets

    +1

    By Administrator on 2013-05-23T06:01:58 (imported from GitLab project)

