Praveen BK
2013-Feb-05 06:19 UTC
SECURITY WARNING: No secret option provided to Rack::Session::Cookie.
I am getting the following warning while generating a model. How do I get rid of this warning, and what is the cause of it? I am using Rails 3.2.8.

SECURITY WARNING: No secret option provided to Rack::Session::Cookie.
This poses a security threat. It is strongly recommended that you
provide a secret to prevent exploits that may be possible from
crafted cookies. This will not be supported in future versions of Rack, and
future versions will even invalidate your existing user cookies.

Thank you.
Frederick Cheung
2013-Feb-05 09:44 UTC
Re: SECURITY WARNING: No secret option provided to Rack::Session::Cookie.
On Tuesday, February 5, 2013 6:19:22 AM UTC, Ruby-Forum.com User wrote:
> I am getting following warning while generating model, how to get rid of
> this warning and what is cause for this warning. I am using rails 3.2.8
>
> SECURITY WARNING: No secret option provided to Rack::Session::Cookie.
> This poses a security threat. It is strongly recommended that you
> provide a secret to prevent exploits that may be possible from
> crafted cookies. This will not be supported in future versions of Rack, and
> future versions will even invalidate your existing user cookies.

Normally you'd have

YourApplication::Application.config.secret_token = 'long random string'

in an initializer, which rails should then pass through to rack. You can use rake secret to generate such a token.

Fred
Robert Walker
2013-Feb-06 23:53 UTC
Re: SECURITY WARNING: No secret option provided to Rack::Session::Cookie.
Frederick Cheung wrote in post #1095286:
> Normally you'd have
>
> YourApplication::Application.config.secret_token = 'long random string'
>
> in an initializer, which rails should then pass through to rack. You can
> use rake secret to generate such a token.

I just read about this yesterday. It's an issue with the very latest update to the rack gem, as I understand it. The issue was patched in the Rails master and should make its way into the next point release of Rails. According to the bug discussion this warning can be safely ignored, so just wait for the next Rails release and the warning should go away.
BalaRaju Vankala
2013-Feb-07 12:51 UTC
Re: Re: SECURITY WARNING: No secret option provided to Rack::Session::Cookie.
I got the same problem. My Rake version is 10.0.3. Thank you, Mr. Robert Walker.
Jordon Bedwell
2013-Feb-07 12:53 UTC
Re: Re: SECURITY WARNING: No secret option provided to Rack::Session::Cookie.
On Thu, Feb 7, 2013 at 6:51 AM, BalaRaju Vankala wrote:
> I got the same Problem. My Rake Version 10.0.3. Thank you Mr.Robert Walker

Rake is not Rack.
BalaRaju Vankala
2013-Feb-07 13:02 UTC
Re: Re: SECURITY WARNING: No secret option provided to Rack::Session::Cookie.
Thank you Jordon