On Sat, Mar 29, 2014 at 1:52 PM, Rodrigo Rosenfeld Rosas <[email protected] > wrote:
> Forget about using environment variables. Those are the easiest to > checkout if you're root in a Linux server for instance. I could easily read > it in a quick test. > > I'm curious though to see how easy would it be to use GDB to attach to a > running application after the deploy script has removed the file with the > key after the application has booted... > Trivial. If it's in memory, you can rip it out. http://timetobleed.com/ripping-oauth-tokens-or-other-secrets-out-of-tweetdeck-twitter-app-and-other-apps/ http://seriot.ch/abusing_twitter_api.php#32 etc. -- Cheers Koz -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Core" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/rubyonrails-core. For more options, visit https://groups.google.com/d/optout.
