San Francisco Ruby on Rails Group Message Board › Security warning in the latest rails app I created
San Francisco, CA
To the Geeks out there,
In the process of starting a new project I ran
$rails generate rspec:install
and I get this
SECURITY WARNING: No secret option provided to Rack::Session::Cookie.
This poses a security threat. It is strongly recommended that you
provide a secret to prevent exploits that may be possible from crafted
cookies. This will not be supported in future versions of Rack, and
future versions will even invalidate your existing user cookies.
I tried googling and reading the stack overflow comments about it . I couldnot get a proper solution on how to provide a secret that prevents exploits. Could you throw some light here.