did you even look at what was matched? *Change the cookie secret token at config... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		mikeryan on Jan 3, 2013 \| parent \| context \| favorite \| on: SQL Injection Vulnerability in Ruby on Rails; affe... did you even look at what was matched? Change the cookie secret token at config/initializers/secret_token.rb Create a config/initializers/secret_token.rb file: That will rename your app in the following files: ... config/initializers/secret_token.rb Change your Application’s Secret Token ... Change the secret token at /config/initializers/secret_token.rb Those are the first six items in order and the trend continues at least through the first page of results.

paulgb on Jan 3, 2013 [–]

Good catch, I'm glad that it's a best practice. I wasn't trying to shame those projects, I'm not a rubiest so I was just trying to figure out how someone might gain access to a secret token.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact