Project

seasoning

0.0
No commit activity in last 3 years
No release in over 3 years
seasoningmartinisoft/seasoningHomepageDocumentationSource CodeBug Tracker
A Rails 3 generator to update your existing authentication peppers for additional security.
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
 Popularity
Downloads
7,637
Stars
2
Forks
0
Watchers
2
 Releases
Current version
0.1.1
Total releases
2
First release
2010-10-31
Latest release
2010-10-31
 Issues
Open Issues
2
Closed Issues
1
Total Issues
3
Issue Closure Rate
33%
 Pull Requests
Open Pull Requests
0
Closed Pull Requests
0
Merged Pull Requests
1
Pull Request Acceptance Rate
100%
 Development
Primary Language
Ruby
Average date of last 50 commits
2011-07-30
Reverse Dependencies
0

 Dependencies
 Project Readme

Seasoning

A Rails 3 generator to season your app.

TL;DR

If you have a public rails app, you need this!

WTF?

All Rails apps start with a salt to encrypt your requests and sessions in cookies. If you use Devise, you have a pepper that is used to add extra encryption to your stored user passwords. When you publish your Rails app online, you expose this to anyone who can see this encryption key.

When you expose those passwords encryption keys to the outside world, you open yourself up to a special kind of attack where your passwords can be guessable should your site become compromised. A malicious user can use techniques like Rainbow Tables to reliably guess your encrypted passwords.

Install

gem install seasoning

Usage

Once you install the gem, the generators will be available to any Rails application so long as you add the following to your Gemfile:

gem "seasoning"

After this has been added and you have run bundle install, you should be able to type:

rails g seasoning

Optionally, if you use Devise, which also uses a Pepper, do:

rails g seasoning --devise

Got a patch?

I love the github pull request system and so will you when contributing!

  • Fork the repo
  • Make a patch (with tests please!)
  • Send a pull request

Simple! If you need stuff to work on, check the "Issues" section of the github repo. If its a new feature, make it awesome and I'll gladly accept the patch.

License and Author

Copyright:: 2011-2013, Aaron Kalin

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.