That's an interesting issue (Django has the same issue with its SECRET_KEY). If you have an open-source project that utilizes these kinds of technologies, you need to keep your secret key secret.

As it says in the Django settings:

"Make this unique, and don't share it with anybody."

Your web application's security depends on it!



Incidentally, this is one reason why the 12-factor app methodology stores configuration in environment variables, not source files. http://www.12factor.net/config
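Both comments above come together in a settings-loading pattern: read SECRET_KEY from the process environment, refuse to start on a missing or placeholder value, and remember that the key is what authenticates signed cookies and tokens, so a leaked key lets anyone forge them. The following is an added example in Python, not code from either comment or from Django itself; the variable name DJANGO_SECRET_KEY, the placeholder list and the length threshold are assumptions, and the signing helper mirrors the idea behind Django's signer rather than its exact wire format.

```python
import hashlib
import hmac
import os

# Constructed placeholder values a repository might ship by accident (assumption, not from Django).
INSECURE_PLACEHOLDERS = {"changeme", "secret", "django-insecure-placeholder"}
MIN_KEY_LENGTH = 50  # Django's startproject template generates 50-character keys


def load_secret_key(env=None):
    """Read the key from the environment (12-factor style) and fail closed.

    `env` defaults to os.environ; a dict is accepted so the check can run offline.
    Raises RuntimeError instead of silently falling back to a default in settings.py.
    """
    env = os.environ if env is None else env
    key = env.get("DJANGO_SECRET_KEY", "")
    if not key:
        raise RuntimeError("DJANGO_SECRET_KEY is not set; refusing to start")
    if key.lower() in INSECURE_PLACEHOLDERS or len(key) < MIN_KEY_LENGTH:
        raise RuntimeError("DJANGO_SECRET_KEY is a placeholder or too short")
    return key


def sign(value: str, secret_key: str) -> str:
    """Attach an HMAC-SHA256 tag keyed with SECRET_KEY, the same idea Django's
    signing framework uses for session cookies and password-reset tokens."""
    tag = hmac.new(secret_key.encode(), value.encode(), hashlib.sha256).hexdigest()
    return f"{value}:{tag}"


def verify(signed: str, secret_key: str):
    """Return the original value if the tag matches, else None.
    Constant-time comparison keeps the tag from being guessed byte by byte."""
    value, _, tag = signed.rpartition(":")
    expected = hmac.new(secret_key.encode(), value.encode(), hashlib.sha256).hexdigest()
    return value if hmac.compare_digest(tag, expected) else None


if __name__ == "__main__":
    # Constructed environment for the demo; in production it is the real process environment.
    demo_env = {"DJANGO_SECRET_KEY": "k" * 64}
    key = load_secret_key(demo_env)
    cookie = sign("user_id=42", key)
    print(verify(cookie, key))       # the value round-trips with the right key
    print(verify(cookie, "x" * 64))  # None: a different key cannot validate the tag
```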
