author | Andrew White <andyw@pixeltrix.co.uk> | 2013-04-26 07:26:00 -0700 |
---|---|---|
committer | Andrew White <andyw@pixeltrix.co.uk> | 2013-04-26 07:26:00 -0700 |
commit | 051d289030a6cb86590cd1b619eae1879b48458a (patch) | |
tree | b2aa8b3e85b99d97d5fdba1da4f478f51a1fe307 | |
parent | 11e23b9561b9a7dc0a7b79e6575f56c36e63acc0 (diff) | |
parent | 9ec0cf8581ef83bb1512293750aa0a7b32e2f4dd (diff) | |
Merge pull request #9980 from stouset/patch-1
Improve poor security recommendation in docs
[ci skip]
-rw-r--r-- | activesupport/lib/active_support/message_encryptor.rb | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/activesupport/lib/active_support/message_encryptor.rb b/activesupport/lib/active_support/message_encryptor.rb
index 96025e7614..bffdfc6201 100644
--- a/activesupport/lib/active_support/message_encryptor.rb
+++ b/activesupport/lib/active_support/message_encryptor.rb
@@ -12,10 +12,11 @@ module ActiveSupport
 # This can be used in situations similar to the <tt>MessageVerifier</tt>, but
 # where you don't want users to be able to determine the value of the payload.
 #
- # key = OpenSSL::Digest::SHA256.new('password').digest # => "\x89\xE0\x156\xAC..."
- # crypt = ActiveSupport::MessageEncryptor.new(key) # => #<ActiveSupport::MessageEncryptor ...>
- # encrypted_data = crypt.encrypt_and_sign('my secret data') # => "NlFBTTMwOUV5UlA1QlNEN2xkY2d6eThYWWh..."
- # crypt.decrypt_and_verify(encrypted_data) # => "my secret data"
+ # salt = SecureRandom.random_bytes(64)
+ # key = ActiveSupport::KeyGenerator.new('password').generate_key(salt) # => "\x89\xE0\x156\xAC..."
+ # crypt = ActiveSupport::MessageEncryptor.new(key) # => #<ActiveSupport::MessageEncryptor ...>
+ # encrypted_data = crypt.encrypt_and_sign('my secret data') # => "NlFBTTMwOUV5UlA1QlNEN2xkY2d6eThYWWh..."
+ # crypt.decrypt_and_verify(encrypted_data) # => "my secret data"
 class MessageEncryptor
 module NullSerializer #:nodoc:
 def self.load(value) |
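Review bot: The new example draws a fresh salt with `SecureRandom.random_bytes(64)`, but the comment never says that the salt has to be kept, so a reader who copies it verbatim derives a different key on every run and cannot decrypt anything written earlier. One added comment line above `salt =` would cover it, for example `# The salt is not secret, but it must be stored and reused to derive the same key again.` The example also still passes the literal `'password'` as the secret. A short remark that this stands for a high-entropy application secret would help, since key stretching slows guessing but does not make a weak password strong. The documentation comment begins above the hunk, so the rest of the class-level text is not visible here.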