Changeset 8400

Timestamp:

12/15/07 02:27:56 (1 year ago)

Author:

bitsweat

Message:

Introduce (in /Users/jeremy/rails/git/trunk) to output a crytographically secure secret key for use with cookie sessions.

Files:

• trunk/actionpack/lib/action_controller/session/cookie_store.rb (modified) (1 diff)
• trunk/railties/CHANGELOG (modified) (1 diff)
• trunk/railties/lib/tasks/misc.rake (modified) (1 diff)

trunk/actionpack/lib/action_controller/session/cookie_store.rb

@@ -34 +34 @@
-#             defaults to 'SHA1' but may be any digest provided by OpenSSL,
-#             such as 'MD5', 'RIPEMD160', 'SHA256', etc.
+#
+# To generate a secret key for an existing application, run
+# `rake generate:secret` and set the key in config/environment.rb
-#
-# Note that changing digest or secret invalidates all existing sessions!

trunk/railties/CHANGELOG

@@ -1 +1 @@
-*SVN*
+
+* Introduce `rake generate:secret` to output a crytographically secure secret key for use with cookie sessions.  #xxxx [update from Trac]
-
-* Fixed that local database creation should consider 127.0.0.1 local #9026 [parcelbrat]

trunk/railties/lib/tasks/misc.rake

@@ -3 +3 @@
-  require(File.join(RAILS_ROOT, 'config', 'environment'))
-end
+
+require 'rails_generator/secret_key_generator'
+namespace :generate do
+  desc 'Generate a crytographically secure secret key. This is typically used to generate a secret for cookie sessions. Pass a unique identifier to the generator using ID="some unique identifier" for greater security.'
+  task :secret do
+    puts Rails::SecretKeyGenerator.new(ENV['ID']).generate_secret
+  end
+end