[Radiant] Possibly-dumb cookie question
Sean Cribbs
seancribbs at gmail.com
Tue Jun 3 11:20:23 CDT 2008
Jay,
Sounds like a patch to the instance generator is in order. Maybe an md5
hash of something for the secret?
Sean
Jay Levitt wrote:
> From 0.6.7's environment.rb:
>
> # Your secret key for verifying cookie session data integrity.
> # If you change this key, all old sessions will become invalid!
> # Make sure the secret is at least 30 characters and all random,
> # no regular words or you'll be exposed to dictionary attacks.
> config.action_controller.session = {
>   :session_key => '_radiant_session',
>   :secret => '...'
> }
>
>
> I just checked, and :secret doesn't seem to be site-specific. So
> isn't that pretty much the same as:
>
> int getRandomNumber()
> {
>     return 4; // chosen by fair dice roll.
>               // guaranteed to be random.
> }
>
> Jay
> _______________________________________________
> Radiant mailing list
> Post: Radiant at radiantcms.org
> Search: http://radiantcms.org/mailing-list/search/
> Site: http://lists.radiantcms.org/mailman/listinfo/radiant
>
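
Added example (not part of the original thread, and not Radiant's code): a Ruby sketch of what the suggested generator change could do, using SecureRandom rather than an MD5 of something, with a check showing that a cookie signed under a shared secret passes verification on every install. The cookie layout, the function names and the placeholder secret are assumptions; the shipped secret is elided on the page.

```ruby
require 'openssl'
require 'securerandom'
require 'base64'
require 'json'

# Constructed placeholder; the real shipped value is elided ('...') on the page.
SHIPPED_DEFAULT = 'placeholder-secret-shipped-with-every-install'

# Simplified signed cookie: "<base64 JSON>--<HMAC-SHA1 hex>" (assumed layout).
def sign_session(data, secret)
  payload = Base64.strict_encode64(JSON.generate(data))
  mac = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('SHA1'), secret, payload)
  "#{payload}--#{mac}"
end

# Constant-time comparison so verification does not leak digest prefixes.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Returns the session hash when the digest matches, nil otherwise.
def verify_session(cookie, secret)
  payload, mac = cookie.to_s.split('--', 2)
  return nil if payload.nil? || mac.nil?
  expected = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('SHA1'), secret, payload)
  secure_equal?(mac, expected) ? JSON.parse(Base64.strict_decode64(payload)) : nil
end

# What a generator could write into each new instance: 64 CSPRNG bytes as hex.
def generate_instance_secret
  SecureRandom.hex(64)
end

# Startup check: reject a secret that is short or identical to a shipped one.
def weak_secret?(secret, shipped = [SHIPPED_DEFAULT])
  secret.to_s.length < 30 || shipped.include?(secret)
end

# Does a cookie signed by site A pass integrity verification on site B?
def accepted_across_sites?(secret_a, secret_b)
  cookie = sign_session({ 'user_id' => 1 }, secret_a)
  !verify_session(cookie, secret_b).nil?
end

if __FILE__ == $PROGRAM_NAME
  puts accepted_across_sites?(SHIPPED_DEFAULT, SHIPPED_DEFAULT)
  puts accepted_across_sites?(generate_instance_secret, generate_instance_secret)
end
```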