instance method ensure_secret_secure

Ruby on Rails 2.3.18

Since v2.3.18 · Last seen in v2.3.18 · Private

Signature

ensure_secret_secure(secret)

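To prevent users from using something insecure like “Password”, we make sure that the secret they’ve provided is at least 30 characters in length. A secret supplied as a Proc is accepted without this check, because its value is not known until the Proc is called.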

Parameters

secret (required)

Source

# File actionpack/lib/action_controller/session/cookie_store.rb, line 188
        def ensure_secret_secure(secret)
          # There's no way we can do this check if they've provided a proc for the
          # secret.
          return true if secret.is_a?(Proc)

          if secret.blank?
            raise ArgumentError, "A secret is required to generate an " +
              "integrity hash for cookie session data. Use " +
              "config.action_controller.session = { :key => " +
              "\"_myapp_session\", :secret => \"some secret phrase of at " +
              "least #{SECRET_MIN_LENGTH} characters\" } " +
              "in config/environment.rb"
          end

          if secret.length < SECRET_MIN_LENGTH
            raise ArgumentError, "Secret should be something secure, " +
              "like \"#{ActiveSupport::SecureRandom.hex(16)}\".  The value you " +
              "provided, \"#{secret}\", is shorter than the minimum length " +
              "of #{SECRET_MIN_LENGTH} characters"
          end
        end

Defined in actionpack/lib/action_controller/session/cookie_store.rb line 188

Defined in ActionController::Session::CookieStore
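
The check above accepts any string of 30 or more characters and any Proc. The following is an added example, not Rails code and not part of this page's source: it mirrors the accept/reject outcome of the check and runs a stricter audit over constructed sample values. The helper names, the `MIN_DISTINCT_CHARS` threshold and the sample strings are assumptions; `SECRET_MIN_LENGTH` is set to 30 per the description above.

```ruby
# Added example, not Rails code. Helper names and thresholds are hypothetical.
SECRET_MIN_LENGTH  = 30 # per the description above
MIN_DISTINCT_CHARS = 10 # assumed policy threshold, not a Rails constant
# Placeholder text that the blank-secret error message in the source prints.
DOC_PLACEHOLDER = "some secret phrase of at least #{SECRET_MIN_LENGTH} characters"

# Mirrors the accept/reject outcome of ensure_secret_secure without Rails loaded.
def length_check_accepts?(secret)
  return true if secret.is_a?(Proc) # Procs are never inspected
  !secret.to_s.strip.empty? && secret.length >= SECRET_MIN_LENGTH
end

# Stricter audit. Returns a list of findings; an empty list means nothing flagged.
def audit_session_secret(secret)
  findings = []
  if secret.is_a?(Proc)
    findings << :proc_skips_length_check
    secret = secret.call # evaluate so the real value is audited
  end
  value = secret.to_s
  return findings << :blank if value.strip.empty?
  findings << :too_short if value.length < SECRET_MIN_LENGTH
  findings << :doc_placeholder if value == DOC_PLACEHOLDER
  findings << :repeated_pattern if value.match?(/\A(.+?)\1+\z/m)
  findings << :few_distinct_chars if value.chars.uniq.size < MIN_DISTINCT_CHARS
  findings
end

# Constructed sample inputs, none of them real secrets.
SAMPLES = {
  "short word"        => "Password",
  "word repeated"     => "Password" * 4,
  "copied from error" => DOC_PLACEHOLDER,
  "proc, short value" => proc { "Password" },
  "hex, constructed"  => "9f2c7a41d0b85e63a1c4f7029be6d358",
}.freeze

SAMPLES.each do |label, secret|
  puts format("%-18s length check: %-6s audit: %s", label,
              length_check_accepts?(secret) ? "accept" : "reject",
              audit_session_secret(secret).inspect)
end
```

An empty findings list does not prove a secret is random; the audit applies heuristics only. Unlike the ArgumentError in the source, which interpolates the rejected secret into its message, the audit reports findings as symbols and never echoes the value.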
