author Robin Dupret <robin.dupret@gmail.com> 2015-08-11 15:31:59 +0200
committer Robin Dupret <robin.dupret@gmail.com> 2015-08-11 15:35:35 +0200
commit f51d1428811ae53876f6e1f40ad2c64d200fd0f5 (patch)
tree a4102a3fca046bc01873b29565496e5996cb8707 /guides
parent 5ffbcf12f38066feeda850e4ee1022d4b2f3a632 (diff)
Tiny documentation fixes [ci skip]
Diffstat (limited to 'guides')
-rw-r--r-- guides/source/routing.md | 10
-rw-r--r-- guides/source/security.md | 7
2 files changed, 11 insertions, 6 deletions
diff --git a/guides/source/routing.md b/guides/source/routing.md
index 732932b26e..e4799d93fa 100644
--- a/guides/source/routing.md
+++ b/guides/source/routing.md
@@ -83,8 +83,8 @@ Rails would dispatch that request to the `destroy` method on the `photos` contro
### CRUD, Verbs, and Actions
-In Rails, a resourceful route provides a mapping between HTTP verbs and URLs to
-controller actions. By convention, each action also maps to a specific CRUD
+In Rails, a resourceful route provides a mapping between HTTP verbs and URLs to
+controller actions. By convention, each action also maps to a specific CRUD
operation in a database. A single entry in the routing file, such as:
```ruby
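Review bot: the removed and added lines in this hunk read identically, so the only change is trailing whitespace; it is worth saying so in the commit message ("strip trailing whitespace in routing.md") so reviewers do not hunt for a wording change that is not there.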
@@ -1095,12 +1095,12 @@ edit_videos GET /videos/:identifier/edit(.:format) videos#edit
Video.find_by(identifier: params[:identifier])
```
-You can override `ActiveRecord::Base#to_param` of a related
-model to constructe an URL.
+You can override `ActiveRecord::Base#to_param` of a related model to construct
+an URL:
```ruby
class Video < ActiveRecord::Base
- def to_param # overridden
+ def to_param
identifier
end
end
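Review bot: the new line "an URL:" should read "a URL:" since URL is pronounced with an initial consonant sound ("you-are-el"); the typo fix from "constructe" to "construct" and the trailing colon introducing the code block are both correct, and dropping the "# overridden" comment is fine because the prose above already states that `to_param` is being overridden.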
diff --git a/guides/source/security.md b/guides/source/security.md
index c5c0e9bcf6..c701027479 100644
--- a/guides/source/security.md
+++ b/guides/source/security.md
@@ -95,7 +95,12 @@ Rails 2 introduced a new default session storage, CookieStore. CookieStore saves
* The client can see everything you store in a session, because it is stored in clear-text (actually Base64-encoded, so not encrypted). So, of course, _you don't want to store any secrets here_. To prevent session hash tampering, a digest is calculated from the session with a server-side secret (`secrets.secret_token`) and inserted into the end of the cookie.
-However, since Rails 4, the default store is EncryptedCookieStore. With EncryptedCookieStore the session is encrypted before being stored in a cookie. This prevents the user access to the content of the cookie and prevents him from tampering its content as well. Thus the session becomes a more secure place to store data. The encryption is done using a server-side secret key `secrets.secret_key_base` stored in `config/secrets.yml`.
+However, since Rails 4, the default store is EncryptedCookieStore. With
+EncryptedCookieStore the session is encrypted before being stored in a cookie.
+This prevents the user from accessing and tampering the content of the cookie.
+Thus the session becomes a more secure place to store data. The encryption is
+done using a server-side secret key `secrets.secret_key_base` stored in
+`config/secrets.yml`.
That means the security of this storage depends on this secret (and on the digest algorithm, which defaults to SHA1, for compatibility). So _don't use a trivial secret, i.e. a word from a dictionary, or one which is shorter than 30 characters, use `rake secret` instead_.
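Review bot: the new line "This prevents the user from accessing and tampering the content of the cookie." still has the grammar problem the old text had; "tampering" takes "with", so it should read "from accessing or tampering with the content of the cookie". The rewrap to 80 columns and the removal of the gendered "him" are good; the substance of the security claim (confidentiality and integrity both come from `secrets.secret_key_base`) is unchanged, and the following context line correctly keeps the guidance that the whole scheme is only as strong as that secret.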