24 Oct '13, 3pm

Securing the Rails session secret

Omit the secret key from version control, but auto-generate a non-random key if missing. Instead of generating a random key, the key would depend on something that is unique to the system so that the key changes across different machines but not on the same machine. However, secret keys are supposed to have high entropy, so you will have to choose your “something unique” very carefully. What options do we have? Off the top of my head, this is what I’ve come up with:

Host name – low entropy and can be guessed.
MAC address – it’s not inconceivable that it can be guessed.
IP address – this is public information, so not a good idea.
Modification time of the root filesystem – low entropy. There’s a high chance that the server was installed in the past 5 years.
SHA-512 of all file contents in /etc – slow, and changes your key every time you modify something in /etc.

None of these...

Full article: http://blog.phusion.nl/2013/01/04/securing-the-rails-sess...

Tweets

Late and we're bad at dates, but 2 new Rails th...

ruby5.envylabs.com 24 Oct '13, 2am

October 18th, 2013 RubinusX, details on a rewrite of ActiveModel::Serializers, using docker to parallelize your tests, cle...

@JUSTcircle here here!!

secretrecipe.com.sg 24 Oct '13, 8am

This enticing famed cake for its vibrant red hue is created au natural with a clever twist in layering with velvety cream ...

@jcoglan @pixeltrix Initialisers in rails also ...

guides.rubyonrails.org 23 Oct '13, 7pm

configures Rails itself to serve static assets. Defaults to true, but in the production environment is turned off as the s...

This article is helpful. The Rails validation information on the net is full of mistakes and completely useless…. - Validations in Rails 3


asciicasts.com 25 Oct '13, 12am

Another new feature in Rails 3 is the ability to reflect on validations. We can use this if, for example, we want to put a...

Install Ruby on Rails · Mac OS X Mavericks

rubyflow.com 24 Oct '13, 11pm

Install Ruby on Rails · Mac OS X Mavericks Posted by DanielKehoe on October 25, 2013 — 0 comments Here's the new article: ...

@smoozoid

rubyonrails.org 26 Oct '13, 3pm

If you're just getting started or want to learn about Rails in general, check the Rails Guides . APIs Browse all framework...

Awesome cast on Controllers in Rails 3 on Rails...

railscasts.com 25 Oct '13, 10am

Jul 26, 2010 | 10 minutes | Controllers , Rails 3.0 Embedded flash notices, permanent cookies, and the details of respond_...

Psssst... secret code for FB only! Fall50 for 5...

barefoottess.com 23 Oct '13, 9pm

JavaScript seems to be disabled in your browser. You must have JavaScript enabled in your browser to utilize the functiona...

o m f g where was this photoshoot


frmheadtotoe.com 27 Oct '13, 12am

I'm frequently asked what inspires me to create makeup looks and if I ever run out of ideas. Honestly, makeup for me is so...

(Karen Cheng) My Secret To Buying Swimwear @karencheng #fashion #perth


karencheng.com.au 25 Oct '13, 6am

When I go shopping for swimwear, I have to strip down to my undies in the change room… so I only want to do the “stripping...

Rails for Zombies

railsforzombies.org 04 Nov '13, 4pm

1 Intro 2 Learning about database tables 3 Reviewing Ruby Hashes 4 Creating new Tweets 5 Reading out of the database 6 Upd...

Check out our Rails Rumble Roundup


robots.thoughtbot.com 22 Oct '13, 5pm

Rails Rumble Roundup calebjthompson October 22, 2013 rails-rumble Last weekend, two teams of thoughtbotters participated i...

One-Hour Workout: Form-Focused Run Session via @TriathleteMag


triathlon.competitor.com 29 Oct '13, 3pm

This week’s run workout comes from USAT Level I coach Jessica Dollar of Nashville-based FTP Coaching (Ftpcoaching.com ). “...