Incidentally, if you follow the recommended installation directions for
> Radiant, you will get a unique session key in every new Radiant project.
>  Only straight checkouts of the source will have the same session key
>
Terrific!  Thanks.

On Tue, Aug 12, 2008 at 1:21 PM, Sean Cribbs <[EMAIL PROTECTED]> wrote:

> I've already discussed this privately with the original author of that
> thread.  Incidentally, if you follow the recommended installation directions
> for Radiant, you will get a unique session key in every new Radiant project.
>  Only straight checkouts of the source will have the same session key, and
> you shouldn't be running Radiant on a live site in that mode anyway.
>
> Sean
>
> Dan and Norine Simpson wrote:
>
>> Here's<
>> http://groups.google.com/group/rubyonrails-core/browse_thread/thread/4d43c1fa2485f3e3
>> >an
>>
>> interesting thread addressing a potential vulnerability of sites for
>> which the site developer fails or forgets to change the 'secret key' in
>> enviroment.rb.  They discuss various remedies, including automating
>> generation of new keys per site.  At a minimum, it would seem prudent for
>> installation instructions to advise site developers to change the key at
>> deployment.
>>
>> -Dan
>> _______________________________________________
>> Radiant mailing list
>> Post:   Radiant@radiantcms.org
>> Search: http://radiantcms.org/mailing-list/search/
>> Site:   http://lists.radiantcms.org/mailman/listinfo/radiant
>>
>>
>>
>
> _______________________________________________
> Radiant mailing list
> Post:   Radiant@radiantcms.org
> Search: http://radiantcms.org/mailing-list/search/
> Site:   http://lists.radiantcms.org/mailman/listinfo/radiant
>
_______________________________________________
Radiant mailing list
Post:   Radiant@radiantcms.org
Search: http://radiantcms.org/mailing-list/search/
Site:   http://lists.radiantcms.org/mailman/listinfo/radiant

Reply via email to