01 Apr '13, 2am

“Securing the Rails session secret – Phusion Corporate Blog”

Omit the secret key from version control, but auto-generate a non-random key if missing. Instead of generating a random key, the key would depend on something that is unique to the system so that the key changes across different machines but not on the same machine. However secret keys are supposed to have high entropy so you will have to choose your “something unique” very carefully. What options do we have? From the top of my head, this is what I’ve come up with:

Host name – low entropy and can be guessed.

MAC address – it’s not inconceivable that it can be guessed.

IP address – this is public information, so not a good idea.

Modification time of the root filesystem – low entropy. There’s a high chance that the server was installed in the past 5 years.

SHA-512 of all file contents in /etc – slow, and changes your key every time you modify something in /etc.

None of these...

Full article: http://blog.phusion.nl/2013/01/04/securing-the-rails-sess...

Tweets

시크릿 (SECRET) - Secret Time in Singapore: via @y...

youtube.com 02 Apr '13, 2pm


Going on ~5 years of Rails and still finding st...

api.rubyonrails.org 05 Apr '13, 8pm

MessageVerifier makes it easy to generate and verify messages which are signed to prevent tampering. This is useful for ca...

I liked a @YouTube video 시크릿 (SECRET) - Secret ...

youtube.com 02 Apr '13, 2pm


Does this bit of Rails documentation feel a lit...

apidock.com 31 Mar '13, 10pm

Tries to load the first record; if it fails, then create is called with the same arguments as this method. Expects argumen...

Acoustic session earlier in Singapore on 987!


instagram.com 04 Apr '13, 2pm

Thanks for taking a pic with me & giving me a hug. Hope you lads like the drumsticks and capos ;) #Yamaha

시크릿 (SECRET) - Secret Time in Singapore 싱가폴에서 촬...

youtube.com 02 Apr '13, 2pm


@mdesjardins That method comes from rails, not ...

api.rubyonrails.org 05 Apr '13, 5pm

Performs a GET request with the given parameters. path : The URI (as a String ) on which you want to perform a GET request...

#Rails is beautiful. Easy and elegant solution ...

railscasts.com 31 Mar '13, 4pm

It is now possible to add subdomains to Rails 3 without the use of additional plugins. Learn how in this episode.

About to play a live session on 987FM in Singapore!


instagram.com 04 Apr '13, 11am

About to play a live session on 987FM in Singapore!

Secret has revealed some footage taken during their time off in Singapore


en.korea.com 03 Apr '13, 7am

Secret’s agency has revealed four minutes of video footage titled “Secret Time in Singapore” on its official fan site and ...

Secret Shares Video From Their Time in Singapore

soompi.com 05 Apr '13, 6am

Popular girl group Secret recently had a concert in Singapore on March 29 and shared a video of the members enjoying their...

Harvard Business School (HBS) Executive Educati...

csrwire.com 01 Apr '13, 12pm

Harvard Business School (HBS) Executive Education offers Corporate Social Responsibility Program Organizer: Harvard Busine...

Girl group Secret turns the heat up in Singapore showcase


en.korea.com 01 Apr '13, 3pm

T.S. Entertainment’s hottest girl group SECRET successfully held their first solo concert in Singapore on 29 March. Organi...

Tip Tuesday: Did you know that you can run your...

edgeguides.rubyonrails.org 09 Apr '13, 4pm

$ rails generate scaffold HighScore game:string score:integer invoke active_record create db/migrate/20120528060026_create...

Meet "T" Danny's Secret Weapon

ricksblog.com 02 Apr '13, 12pm

I wrote this on Saturday when I returned home but wanted to digest a few days before posting it. I wish you folks could be...