Possible Duplicate:
No secret option provided to Rack::Session::Cookie warning?

I just created a new Rails 3.2.8 app and ran the following command:

 rails g paperclip myModel image

I get this warning afterwards:

  SECURITY WARNING: No secret option provided to Rack::Session::Cookie.
    This poses a security threat. It is strongly recommended that you
    provide a secret to prevent exploits that may be possible from crafted
    cookies. This will not be supported in future versions of Rack, and
    future versions will even invalidate your existing user cookies.

That's all good and great, but what am I supposed to do with this? Any ideas?

Thanks

banditKing

1 Answer

See here:

No secret option provided to Rack::Session::Cookie warning?

You also might want to immediately upgrade to Rails 3.2.11 to patch some recently discovered security vulnerabilities.

Josh Rieken
  • Would this cause the other gems to stop working? What's your experience with that upgrade? Thanks – banditKing Jan 11 '13 at 05:19
  • It's usually safe to upgrade to a new patch number (e.g., 3.2.x) without worrying about breakage. Minor number upgrades (e.g., 3.x) require more care. It's good practice to test thoroughly after any upgrade. – Josh Rieken Jan 11 '13 at 15:52
  • I would say it's critical to update to 3.2.11 if you're within the 3.2.x range. I've already encountered some attempts to break into apps as a result of the major security vulnerabilities found a few days ago. See this: http://weblog.rubyonrails.org/2013/1/8/Rails-3-2-11-3-1-10-3-0-19-and-2-3-15-have-been-released/ – Josh Rieken Jan 11 '13 at 15:53
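
What the secret named in the warning is for, as an added Ruby example (not code from Rack, Rails or anyone in this thread): a simplified signed-cookie scheme in which the server appends an HMAC of the session payload and rejects any cookie whose MAC does not verify. The helper names, the `--` separator, the JSON encoding and the secret value are assumptions made for the illustration.

```ruby
require "openssl"
require "json"

# Constructed secret for the example only. A real app loads a long random
# value from configuration and keeps it out of source control.
SECRET = "constructed-example-secret-0123456789abcdef"

# Hex HMAC-SHA256 of the encoded session payload under the server secret.
def session_mac(payload, secret)
  OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new("SHA256"), secret, payload)
end

# Serialize the session and append "--<mac>" so later edits are detectable.
def encode_session(session, secret)
  payload = [JSON.generate(session)].pack("m0") # strict Base64, no newlines
  "#{payload}--#{session_mac(payload, secret)}"
end

# Compare two strings without returning early at the first differing byte.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Return the session hash, or nil when the MAC is missing, does not match,
# or the payload is not valid Base64/JSON.
def decode_session(cookie, secret)
  payload, mac = cookie.to_s.split("--", 2)
  return nil if payload.nil? || mac.nil?
  return nil unless secure_compare(mac, session_mac(payload, secret))
  JSON.parse(payload.unpack1("m0"))
rescue ArgumentError, JSON::ParserError
  nil
end

# Constructed sample input: a valid cookie, then the same cookie with its
# payload replaced while the old MAC is kept.
cookie = encode_session({ "user_id" => 42 }, SECRET)
edited = [JSON.generate("user_id" => 1)].pack("m0") + "--" + cookie.split("--", 2).last

puts decode_session(cookie, SECRET).inspect  # accepted
puts decode_session(edited, SECRET).inspect  # rejected
```

Without a secret there is no MAC to check, so the server has no way to tell an edited cookie from one it issued, which is the condition the warning reports.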