instance method
ensure_secret_secure
Ruby on Rails 2.2.3
Since v2.2.3 Last seen in v2.2.3Signature
ensure_secret_secure(secret)To prevent users from using something insecure like “Password” we make sure that the secret they’ve provided is at least 30 characters in length.
Parameters
-
secretreq
Source
# File actionpack/lib/action_controller/session/cookie_store.rb, line 85
def ensure_secret_secure(secret)
# There's no way we can do this check if they've provided a proc for the
# secret.
return true if secret.is_a?(Proc)
if secret.blank?
raise ArgumentError, %Q{A secret is required to generate an integrity hash for cookie session data. Use config.action_controller.session = { :session_key => "_myapp_session", :secret => "some secret phrase of at least #{SECRET_MIN_LENGTH} characters" } in config/environment.rb}
end
if secret.length < SECRET_MIN_LENGTH
raise ArgumentError, %Q{Secret should be something secure, like "#{CGI::Session.generate_unique_id}". The value you provided, "#{secret}", is shorter than the minimum length of #{SECRET_MIN_LENGTH} characters}
end
end
Defined in actionpack/lib/action_controller/session/cookie_store.rb line 85
· View on GitHub
· Improve this page
· Find usages on GitHub
Defined in CGI::Session::CookieStore