Emphasize the importance of a dictionary attack-proof secret for the cookie store

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8181 5ecf4fe2-1ee6-0310-87b1-e25e094e27de

Emphasize the importance of a dictionary attack-proof secret for the cookie store
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8181 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
8a086c59 · David Heinemeier Hansson · 9b83e339 · 8a086c59
隐藏空白更改
内联并排

Showing with 4 addition and 1 deletion

actionpack/lib/action_controller/session/cookie_store.rb actionpack/lib/action_controller/session/cookie_store.rb +4 -1

未找到文件。
--- a/actionpack/lib/action_controller/session/cookie_store.rb
+++ b/actionpack/lib/action_controller/session/cookie_store.rb
@@ -22,7 +22,10 @@
 # Session options:
 #   :secret   An application-wide key string or block returning a string
 #             called per generated digest. The block is called with the
-#             CGI::Session instance as an argument.
+#             CGI::Session instance as an argument. It's important that the
+#             secret is not vulnerable to a dictionary attack. Therefore,
+#             you should choose a secret consisting of random numbers and
+#             letters and preferably more than 30 characters.
 #
 #             Example:  :secret => '449fe2e7daee471bffae2fd8dc02313d'
 #                       :secret => Proc.new { User.current_user.secret_key }