Comments on: A security issue with Rails secret session keys http://blog.mhartl.com/2008/08/15/a-security-issue-with-rails-secret-session-keys/ Michael Hartl's tech blog Sat, 06 Mar 2010 17:10:54 +0000 http://wordpress.com/ hourly 1 By: theseefly http://blog.mhartl.com/2008/08/15/a-security-issue-with-rails-secret-session-keys/#comment-243 theseefly Sat, 02 Jan 2010 02:26:15 +0000 http://insoshi.wordpress.com/?p=54#comment-243 Which WordPress theme do you use? Which WordPress theme do you use?

]]> By: Michael Hartl http://blog.mhartl.com/2008/08/15/a-security-issue-with-rails-secret-session-keys/#comment-219 Michael Hartl Tue, 21 Jul 2009 18:49:09 +0000 http://insoshi.wordpress.com/?p=54#comment-219 I haven't tried it yet, and don't have plans to in the short run (I'm soon going on vacation for a couple weeks, among other things). If you try it out, please let me know how it goes. I haven’t tried it yet, and don’t have plans to in the short run (I’m soon going on vacation for a couple weeks, among other things). If you try it out, please let me know how it goes.

]]> By: Karim Helal http://blog.mhartl.com/2008/08/15/a-security-issue-with-rails-secret-session-keys/#comment-218 Karim Helal Tue, 21 Jul 2009 06:24:16 +0000 http://insoshi.wordpress.com/?p=54#comment-218 Hi Michael, We're going to upgrade our app to rails 2.3.3 and we're using your plugin. Doing some prep work and I think there might be an issue due to the changes to how Cookies work. Will your plugin still work once i upgrade? have you tried it? Hi Michael,

We’re going to upgrade our app to rails 2.3.3 and we’re using your plugin. Doing some prep work and I think there might be an issue due to the changes to how Cookies work. Will your plugin still work once i upgrade? have you tried it?

]]> By: Michael Hartl http://blog.mhartl.com/2008/08/15/a-security-issue-with-rails-secret-session-keys/#comment-214 Michael Hartl Fri, 12 Jun 2009 20:22:17 +0000 http://insoshi.wordpress.com/?p=54#comment-214 Indeed, you are right, and we updated the Insoshi source code with this fix along with our Rails 2.2 upgrade a couple months ago, but I didn't update this post. Thanks for helping it stay up-to-date. Indeed, you are right, and we updated the Insoshi source code with this fix along with our Rails 2.2 upgrade a couple months ago, but I didn’t update this post. Thanks for helping it stay up-to-date.

]]> By: Tom http://blog.mhartl.com/2008/08/15/a-security-issue-with-rails-secret-session-keys/#comment-213 Tom Fri, 12 Jun 2009 13:24:36 +0000 http://insoshi.wordpress.com/?p=54#comment-213 Rails::SecretKeyGenerator.generate_secret has been deprecated in Rails 2.2. Instead use ActiveSupport::SecureRandom.hex(64) Rails::SecretKeyGenerator.generate_secret has been deprecated in Rails 2.2. Instead use ActiveSupport::SecureRandom.hex(64)

]]>