Hi all, Security is always a hot topic, and in our company especially. We where looking into the secret tokens. And we think we can do a step better than an "secrets.yml" file. The fact is that system administrators still have access to the secret token, and that is not always acceptable. Replacing the secret token each time an admin leaves, is not a viable solution. So we fought, how about a dynamic token? Proposing to make the token "callable". Besides being a string, the token could be a proc or anything responding to call, receiving the request object. This allows the implementer to dynamically change the token. This can be useful to have a separate token per domain, very useful in multi tenant applications. If there is intrest in this, I'm willing to develop it as well! What do you think? -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Core" group. To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-core+unsubscribe@googlegroups.com. To post to this group, send email to rubyonrails-core@googlegroups.com. Visit this group at http://groups.google.com/group/rubyonrails-core. For more options, visit https://groups.google.com/d/optout.