Changeset 8229

Timestamp:

11/28/07 19:36:59 (2 years ago)

Author:

bitsweat

Message:

Introduce SecretKeyGenerator for more secure session secrets than CGI::Session's pseudo-random id generator. Consider extracting to Active Support later. Closes #10286.

Files:

• trunk/railties/CHANGELOG (modified) (1 diff)
• trunk/railties/lib/rails_generator/generators/applications/app/app_generator.rb (modified) (3 diffs)
• trunk/railties/lib/rails_generator/secret_key_generator.rb (added)
• trunk/railties/test/secret_key_generation_test.rb (added)

trunk/railties/CHANGELOG

@@ -1 +1 @@
-*SVN*
+
+* Introduce SecretKeyGenerator for more secure session secrets than CGI::Session's pseudo-random id generator. Consider extracting to Active Support later.  #10286 [Hongli Lai]
-
-* RAILS_GEM_VERSION may be set to any valid gem version specifier.  #10057 [Chad Woolley, Chu Yeow]

trunk/railties/lib/rails_generator/generators/applications/app/app_generator.rb

@@ -1 +1 @@
-require 'rbconfig'
-require 'digest/md5' 
+require 'rails_generator/secret_key_generator'
-
-class AppGenerator < Rails::Generator::Base
@@ -34 +35 @@
-    md5 << @app_name
-
+    # Do our best to generate a secure secret key for CookieStore
+    secret = Rails::SecretKeyGenerator.new(@app_name).generate_secret
+
-    record do |m|
-      # Root directory and all subdirectories.
@@ -62 +66 @@
-      # Environments
-      m.file "environments/boot.rb",    "config/boot.rb"
-md5.hexdiges
+secre
-      m.file "environments/production.rb",  "config/environments/production.rb"
-      m.file "environments/development.rb", "config/environments/development.rb"