#913 Rails::SecretKeyGenerator should be removed in favor of SecureRandom - Ruby on Rails

Type	To find
responsible:me	tickets assigned to you
tagged:"@high"	tickets tagged @high
milestone:next	tickets in the upcoming milestone
state:invalid	tickets with the state invalid
created:"last week"	tickets created last week
sort:number, importance, updated	tickets sorted by #, importance or updated
Combine keywords for powerful searching.
Use advanced searching »

This project is archived and is in readonly mode.

#913 ✓committed

Rails::SecretKeyGenerator should be removed in favor of SecureRandom

Reported by Hongli Lai | August 27th, 2008 @ 11:49 AM | in 2.x

Rails::SecretKeyGenerator is used for generating a secret key for the session cookie store. Ruby 1.9's SecureRandom library actually do the same thing, but slightly better. For example, SecureRandom's /dev/urandom implementation checks whether /dev/urandom is a block device and not a symlink, and opens it O_NCTTY so that it doesn't become the process's controlling terminal. Plus, SecureRandom favors OpenSSL, which is much faster than /dev/urandom. SecretKeyGenerator favors /dev/urandom.

The attached patch removes Rails::SecretKeyGenerator and replaces it with ActiveSupport::SecureRandom.

0001-Remove-Rails-SecretKeyGenerator-in-favor-of-ActiveS.patch 18.3 KB

Comments and changes to this ticket

You flagged this item as spam.
Hongli Lai August 27th, 2008 @ 11:50 AM
- Title changed from “Rails::SecretKeyGenerator should be removed in factor of SecureRandom” to “Rails::SecretKeyGenerator should be removed in favor of SecureRandom”
- Tag changed from “activesupport, edge” to “activesupport, edge, patch”
You flagged this item as spam.
Hongli Lai August 27th, 2008 @ 12:12 PM
Updated patch: Rails::SecretKeyGenerator is now a lightweight compatibility wrapper around ActiveSupport::SecureRandom.
- 0001-Remove-Rails-SecretKeyGenerator-in-favor-of-ActiveS.patch 17.5 KB
Repository August 27th, 2008 @ 02:19 PM
- State changed from “new” to “committed”
(from [b3411ff59eb1e1c31f98f58f117a2ffaaf0c3ff5]) Deprecate Rails::SecretKeyGenerator in favor of ActiveSupport::SecureRandom.

SecureRandom has a few minor security enhancements and can be used as a drop-in replacement

Signed-off-by: Michael Koziarski michael@koziarski.com [#913 state:committed] http://github.com/rails/rails/co...

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile »

<h2 style="font-size: 14px">Tickets have moved to Github</h2>

The new ticket tracker is available at <a href="https://github.com/rails/rails/issues">https://github.com/rails/rails/issues</a>

Shared Ticket Bins (Sort)

↓↑ drag 455 Open Bugs
↓↑ drag 0 Recent Open Tickets
↓↑ drag 87 Open Patches
↓↑ drag 0 Open Doc Patches
↓↑ drag 542 Stale Tickets
↓↑ drag 3 Verified Patches
↓↑ drag 87 Stale Patches
↓↑ drag 0 Yesterday's Tickets
↓↑ drag 0 Two Days Ago
↓↑ drag 0 This Week
↓↑ drag 0 Last Week
↓↑ drag 7 Bugmash
↓↑ drag 0 Bugmash review queue
↓↑ drag 5 Rails 3 High Priority Tickets

People watching this ticket

Attachments

0001-Remove-Rails-SecretKey... 18.3 KB
0001-Remove-Rails-SecretKey... 17.5 KB

Referenced by

913 Rails::SecretKeyGenerator should be removed in favor of SecureRandom Signed-off-by: Michael Koziarski michael@koziarski.com [#...

Rails Ruby on Rails → 2.x

Rails::SecretKeyGenerator should be removed in favor of SecureRandom

Comments and changes to this ticket

Hongli Lai August 27th, 2008 @ 11:50 AM

Hongli Lai August 27th, 2008 @ 12:12 PM

Repository August 27th, 2008 @ 02:19 PM

Create your profile

Shared Ticket Bins (Sort)

People watching this ticket

Attachments

Tags

Referenced by

Pages

Rails Ruby on Rails → 2.x

Keyword searching

Rails::SecretKeyGenerator should be removed in favor of SecureRandom

Comments and changes to this ticket

Hongli Lai August 27th, 2008 @ 11:50 AM

Hongli Lai August 27th, 2008 @ 12:12 PM

Repository August 27th, 2008 @ 02:19 PM

Create your profile

Shared Ticket Bins (Sort)

People watching this ticket

Attachments

Tags

Referenced by

Pages