Add advice to modify secret token

Julius 2012-11-12 14:39:38 +01:00
parent c17ff281c3
commit 1e725872da
2 changed files with 85 additions and 4 deletions


@ -36,7 +36,17 @@ You need to create your own copy of the foodsoft configuration settings:
Edit app_config.yml to suit your needs or just keep the defaults for now. Edit app_config.yml to suit your needs or just keep the defaults for now.
(4) Required ruby and gems (4) Secret Token
-------------------
The user session are stored in cookies. Do avoid misusing the cookies and its sensitive information, rails
will encrypt it with a token. So copy the config file
cp config/environment.rb.SAMPLE config/environment.rb
and modify the token "config.action_controller.session"!!!
(5) Required ruby and gems
------------------- -------------------
We reccomend the using of rvm (https://rvm.beginrescueend.com/). Install rvm and get the lates ruby (1.8.7). We reccomend the using of rvm (https://rvm.beginrescueend.com/). Install rvm and get the lates ruby (1.8.7).
If installed you only need to install the gem bundler: If installed you only need to install the gem bundler:
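Review bot: The new "(4) Secret Token" section tells the reader to modify the token "config.action_controller.session" without saying which part of that setting to change or how to produce a good value. That setting is a hash, and the value to replace is its :secret entry; `rake secret` prints a suitable random string, so the step could read "run rake secret and paste the output as :secret in config/environment.rb". The phrase "rails will encrypt it" also overstates what the cookie session store does on the Rails 2.3 version pinned in the sample file: the cookie is signed with the secret so that tampering is detected, but its contents remain readable by the client. Say "sign" instead, so nobody concludes that sensitive data is safe to keep in the session. Small wording fixes while here: "The user session are" and "Do avoid".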
@ -48,7 +58,7 @@ After that you get the other gems easily with (from project root):
bundle install bundle install
(5) Create database (schema) and load defaults (6) Create database (schema) and load defaults
-------------------------- --------------------------
rake db:create rake db:create
rake db:schema:load rake db:schema:load
@ -57,8 +67,8 @@ After that you get the other gems easily with (from project root):
With this, you also get a ready to go user with username 'admin' and password 'secret'. With this, you also get a ready to go user with username 'admin' and password 'secret'.
(6) Try it out! (7) Try it out!
--------------- ---------------
Start the WEBrick server to try it out: Start the WEBrick server to try it out:
script/server script/server


@ -0,0 +1,71 @@
# Be sure to restart your web server when you modify this file.
# Uncomment below to force Rails into production mode when
# you don't control web/app server and can't set it the proper way
# ENV['RAILS_ENV'] ||= 'production'
# Specifies gem version of Rails to use when vendor/rails is not present
RAILS_GEM_VERSION = '2.3.11' unless defined? RAILS_GEM_VERSION
# Bootstrap the Rails environment, frameworks, and default configuration
require File.join(File.dirname(__FILE__), 'boot')
Rails::Initializer.run do |config|
# Settings in config/environments/* take precedence over those specified here.
# Application configuration should go into files in config/initializers
# -- all .rb files in that directory are automatically loaded.
# See Rails::Configuration for more options.
# Skip frameworks you're not going to use (only works if using vendor/rails)
# config.frameworks -= [ :action_web_service, :action_mailer ]
# Only load the plugins named here, by default all plugins in vendor/plugins are loaded
# config.plugins = [ :exception_notification, :ssl_requirement, :all ]
# Add additional load paths for your own custom dirs
# config.load_paths += %W( #{RAILS_ROOT}/extras )
# Force all environments to use the same logger level
# (by default production uses :info, the others :debug)
# config.log_level = :debug
# Disable colorized logging output for ActiveRecord:
config.active_record.colorize_logging = false
# Use the database for sessions instead of the file system
# (create the session table with 'rake db:sessions:create')
# config.action_controller.session_store = :active_record_store
# Use SQL instead of Active Record's schema dumper when creating the test database.
# This is necessary if your schema can't be completely dumped by the schema dumper,
# like if you have constraints or database-specific column types
# config.active_record.schema_format = :sql
# Activate observers that should always be running
# config.active_record.observers = :cacher, :garbage_collector
# Make Active Record use UTC-base instead of local time
config.time_zone = 'Berlin'
# Specify gems that this application depends on.
# They can then be installed with "rake gems:install" on new installations.
# You have to specify the :lib option for libraries, where the Gem name (sqlite3-ruby) differs from the file itself (sqlite3)
# config.gem "bj"
# config.gem "hpricot", :version => '0.6', :source => "http://code.whytheluckystiff.net"
# config.gem "sqlite3-ruby", :lib => "sqlite3"
# config.gem "aws-s3", :lib => "aws/s3"
#
# config.gem "fastercsv"
# config.gem "prawn", :version => '<=0.6.3'
# config.gem "haml", :version => '>=2.0.6'
# config.gem "routing-filter", :lib => "routing_filter"
# The internationalization framework can be changed to have another default locale (standard is :en) or more load paths.
# library for parsing/writing files from/to csv-file
# All files from config/locales/*.rb,yml are added automatically.
# config.i18n.load_path << Dir[File.join(RAILS_ROOT, 'my', 'locales', '*.{rb,yml}')]
config.i18n.default_locale = :de
# See Rails::Configuration for more options
config.action_controller.session = { :key => "_myapp_session", :secret => "9195616576518931793179752176417923862176431279acfaedcbeafdcbeafdcbeafcbaefdcbaedcfadcf" }
end
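Review bot: The last setting in the sample, config.action_controller.session, ships a fixed :secret string, so every installation that runs the documented cp and skips the edit ends up with a session secret that is public in the repository, and cookies signed with a published secret cannot be trusted. Replace the literal with an obvious placeholder or read the value from an environment variable, and put a comment directly above the line saying it must be regenerated per installation (for example with rake secret); the only comment there now is "See Rails::Configuration for more options". The :key value "_myapp_session" is also a generic name and could be made specific to this application. It is worth confirming that config/environment.rb itself is ignored by version control, so that a real secret is not committed later. Minor points in the same file: the comment "library for parsing/writing files from/to csv-file" sits in the i18n block and not next to config.gem "fastercsv", and the comment "Make Active Record use UTC-base instead of local time" contradicts the config.time_zone = 'Berlin' line below it.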