You could replace "DEFAULT" with something that's unique for any application, for example the checksum of AppModule class file.
This should be fairly secret, and stable across clusters. Nelson. On 05/10/2012, at 13:34, Massimo Lusetti <[email protected]> wrote: > On Fri, Oct 5, 2012 at 12:35 PM, Dmitry Gusev <[email protected]> wrote: > >> I know, but isn't other default (non-random) value would be a priori known? >> >> Random value isn't good for cluster deployments, as was already mentioned >> before. >> >> So by default the HMAC signature wouldn't be much secure (if key equals to >> default), but at least it will work in cluster the same way as assets do >> (using application version). >> >> If you want more secure signatures you may specify passphrase explicitly >> also. > > My point is I don't see any difference between the "DEFAULT" default > value and the application version. > > Cheers > -- > Massimo > http://meridio.blogspot.com > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
