Here's<http://groups.google.com/group/rubyonrails-core/browse_thread/thread/4d43c1fa2485f3e3>an interesting thread addressing a potential vulnerability of sites for which the site developer fails or forgets to change the 'secret key' in enviroment.rb. They discuss various remedies, including automating generation of new keys per site. At a minimum, it would seem prudent for installation instructions to advise site developers to change the key at deployment.
-Dan _______________________________________________ Radiant mailing list Post: [email protected] Search: http://radiantcms.org/mailing-list/search/ Site: http://lists.radiantcms.org/mailman/listinfo/radiant
