
Changeset 8181

Timestamp:
11/21/07 15:47:50 (11 months ago)
Author:
david
Message:

Emphasize the importance of a dictionary attack-proof secret for the cookie store

Files:

  • trunk/actionpack/lib/action_controller/session/cookie_store.rb

    r6424 r8181  
    2323#   :secret   An application-wide key string or block returning a string 
    2424#             called per generated digest. The block is called with the 
    25 #             CGI::Session instance as an argument. 
     25#             CGI::Session instance as an argument. It's important that the 
     26#             secret is not vulnerable to a dictionary attack. Therefore, 
     27#             you should choose a secret consisting of random numbers and 
     28#             letters and preferably more than 30 characters. 
    2629# 
    2730#             Example:  :secret => '449fe2e7daee471bffae2fd8dc02313d'
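Review bot: The unchanged "Example:" line right after the new text still shows a literal 32-character secret, and a value printed in the documentation is exactly the kind of string that ends up pasted into applications and into attackers' word lists, which undercuts the sentence being added. Suggest marking it as illustrative only (for instance "do not reuse this value; generate your own") or swapping the literal for an obvious placeholder. "Random numbers and letters" would also be clearer if it said the secret should come from a cryptographically secure random generator rather than being typed by hand. Since "preferably more than 30 characters" is advice in a comment and nothing in this hunk enforces it, consider a follow-up change that rejects short secrets.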