Bug #63
New spree applications should use a random secret key for sessions
| Status : | Resolved | Start : | 08/12/2008 | |
| Priority : | Normal | Due date : | ||
| Assigned to : | Sean Schofield | % Done : | 0% |
|
| Category : | - | |||
| Fixed version : | 0.4.0 | |||
Description
The current built in key may be used by others in production, which would make their site insecure. You can read more about the potential issue here:
http://groups.google.com/group/rubyonrails-core/browse_thread/thread/4d43c1fa2485f3e3
The spree command should take advantage of the secret key generator to create a new one. (Thanks to Trevor Turk for reporting.)
History
08/12/2008 09:44 AM - Sean Schofield
- Fixed version set to 0.4.0
- Status changed from New to Resolved
Export toPDF