[OpenStreetMap] #5273: SECRET_KEY_BASE listed in error message
OpenStreetMap
trac at noreply.openstreetmap.org
Mon Feb 2 01:35:20 UTC 2015
#5273: SECRET_KEY_BASE listed in error message
-------------------------+-------------------------
Reporter: aseerel4c26 | Owner: rails-dev@…
Type: defect | Status: new
Priority: critical | Milestone:
Component: website | Version:
Keywords: security |
-------------------------+-------------------------
a variable SECRET_KEY_BASE is listed in the section "Environment
variables" of a ...
"Web application could not be started
No server available (Dalli::RingError)"
... error message of the osm website which I just saw (not any more).
Value is something like eJ+wiOKsadkdsasAasd+fsfjKLalwe+sd...
https://github.com/rails-api/rails-api/blob/dd6b71bd6e6e241529f541dc92b2076e9d238b28/lib/rails-api/templates/rails/app/config/initializers/secret_token.rb.tt
says "Make sure your secret_key_base is kept private if you're sharing your
code publicly."
While I do not know if this is really a problem for OSM, I rather mention
it ... It *looks* not that nice to expose a variable which is named
"secret" to users.
--
Ticket URL: <https://trac.openstreetmap.org/ticket/5273>
OpenStreetMap <http://www.openstreetmap.org/>
OpenStreetMap is a free editable map of the whole world