phusion / juvia

A commenting server similar to Disqus and IntenseDebate.

Home Page:http://phusion.github.io/juvia/

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Preconfigured "secret" token

stbuehler opened this issue · comments

Juvia::Application.config.secret_token is supposed to be a secret token; it has to be generated for each instance configured.

Right now probably most people running juvia will use the "secret" published in this repo.

The secret should be set in a config file; in production/development it should not start without a secret, test should probably have its own default secret.

Proposal to read from ENV, application.yml and then generating secret on the fly: stbuehler@20f8bce