author: Kasper Timm Hansen <kaspth@gmail.com> 2017-05-28 17:02:14 +0200
committer: GitHub <noreply@github.com> 2017-05-28 17:02:14 +0200
commit: b88200f10376a3d73c34a7db0347acc7b06bad39 (patch)
tree: 4cca6ebc0d4f010a025b954ef75ac5733222dcff /guides/source/security.md
parent: 919bc57747924d77700db656ab7be34f4ff3a61f (diff)
parent: 5a3ba63d9abad86b7f6dd36a92cfaf722e52760b (diff)
Merge pull request #28132 from mikeycgto/aead-encrypted-cookies
AEAD encrypted cookies and sessions
Diffstat (limited to 'guides/source/security.md')
-rw-r--r--  guides/source/security.md  23
1 files changed, 15 insertions, 8 deletions
diff --git a/guides/source/security.md b/guides/source/security.md
index 75522834df..f69a0c72b0 100644
--- a/guides/source/security.md
+++ b/guides/source/security.md
@@ -95,16 +95,23 @@ Rails 2 introduced a new default session storage, CookieStore. CookieStore saves
* The client can see everything you store in a session, because it is stored in clear-text (actually Base64-encoded, so not encrypted). So, of course, _you don't want to store any secrets here_. To prevent session hash tampering, a digest is calculated from the session with a server-side secret (`secrets.secret_token`) and inserted into the end of the cookie.
-However, since Rails 4, the default store is EncryptedCookieStore. With
-EncryptedCookieStore the session is encrypted before being stored in a cookie.
-This prevents the user from accessing and tampering the content of the cookie.
-Thus the session becomes a more secure place to store data. The encryption is
-done using a server-side secret key `secrets.secret_key_base` stored in
-`config/secrets.yml`.
+In Rails 4, encrypted cookies through AES in CBC mode with HMAC using SHA1 for
+verification was introduced. This prevents the user from accessing and tampering
+the content of the cookie. Thus the session becomes a more secure place to store
+data. The encryption is performed using a server-side `secrets.secret_key_base`.
+Two salts are used when deriving keys for encryption and verification. These
+salts are set via the `config.action_dispatch.encrypted_cookie_salt` and
+`config.action_dispatch.encrypted_signed_cookie_salt` configuration values.
-That means the security of this storage depends on this secret (and on the digest algorithm, which defaults to SHA1, for compatibility). So _don't use a trivial secret, i.e. a word from a dictionary, or one which is shorter than 30 characters, use `rails secret` instead_.
+Rails 5.2 uses AES-GCM for the encryption which couples authentication
+and encryption in one faster step and produces shorter ciphertexts.
-`secrets.secret_key_base` is used for specifying a key which allows sessions for the application to be verified against a known secure key to prevent tampering. Applications get `secrets.secret_key_base` initialized to a random key present in `config/secrets.yml`, e.g.:
+Encrypted cookies are automatically upgraded if the
+`config.action_dispatch.use_authenticated_cookie_encryption` is enabled.
+
+_Do not use a trivial secret, i.e. a word from a dictionary, or one which is shorter than 30 characters! Instead use `rails secret` to generate secret keys!_
+
+Applications get `secrets.secret_key_base` initialized to a random key present in `config/secrets.yml`, e.g.:
development:
secret_key_base: a75d...
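Review bot: the replacement paragraph ("In Rails 4, encrypted cookies through AES in CBC mode with HMAC using SHA1 for verification was introduced") has a subject/verb mismatch and a missing preposition; suggest "In Rails 4, encrypted cookies using AES in CBC mode with HMAC-SHA1 for verification were introduced. This prevents the user from accessing and tampering with the content of the cookie." The upgrade sentence ("Encrypted cookies are automatically upgraded if the `config.action_dispatch.use_authenticated_cookie_encryption` is enabled.") is missing its noun and does not say what the upgrade is from and to; since the preceding paragraphs describe both schemes, suggest "Existing encrypted cookies are automatically upgraded from AES-CBC with HMAC to AES-GCM when the `config.action_dispatch.use_authenticated_cookie_encryption` option is enabled." Finally, the deleted line "That means the security of this storage depends on this secret" was the rationale for the italic warning that follows it and for the later sentence about `secrets.secret_key_base` being initialized to a random key; consider keeping a one-sentence equivalent (e.g. "The security of this storage depends on `secrets.secret_key_base`.") so the warning does not stand unmotivated.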