This sounds great and would also helpful in updating Rails (I know updating is a breeze for some apps, but not always).
On Fri, Mar 28, 2014 at 4:02 PM, Bert Goethals <[email protected]>wrote: > Hi all, > > Security is always a hot topic, and in our company especially. > We where looking into the secret tokens. And we think we can do a step > better than an "secrets.yml" file. > > The fact is that system administrators still have access to the secret > token, and that is not always acceptable. > Replacing the secret token each time an admin leaves, is not a viable > solution. So we fought, how about a dynamic token? > > Proposing to make the token "callable". Besides being a string, the token > could be a proc or anything responding to call, receiving the request > object. > This allows the implementer to dynamically change the token. > > This can be useful to have a separate token per domain, very useful in > multi tenant applications. > > If there is intrest in this, I'm willing to develop it as well! > > What do you think? > > -- > You received this message because you are subscribed to the Google Groups > "Ruby on Rails: Core" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > Visit this group at http://groups.google.com/group/rubyonrails-core. > For more options, visit https://groups.google.com/d/optout. > -- Mohamed Wael Khobalatte -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Core" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/rubyonrails-core. For more options, visit https://groups.google.com/d/optout.
