Opened 6 years ago

Closed 6 years ago

Last modified 6 years ago

#5273 closed defect (invalid)

SECRET_KEY_BASE listed in error message

Reported by: aseerel4c26 Owned by: rails-dev@…
Priority: trivial Milestone:
Component: website Version:
Keywords: Cc:


a variable SECRET_KEY_BASE is listed in the section "Environment variables" of a ...

"Web application could not be started No server available (Dalli::RingError?)"

... error message of the osm website which I just saw (not any more). Value is something like eJ+wiOKsadkdsasAasd+fsfjKLalwe+sd... says "Make sure your secret_key_base is kept private if you're sharing your code publicly."

While I do not know if this is raelly a problem for OSM, I rather mention it ... It *looks* not that nice to expose a variable which is named "secret" to users.

Change History (2)

comment:1 Changed 6 years ago by pnorman

Keywords: security removed
Priority: criticaltrivial
Resolution: invalid
Status: newclosed

Not a security issue - we don't use it. See for more information

comment:2 Changed 6 years ago by aseerel4c26

Okay, fine, thank you! :-)

Would it be (easily) possible to set this variable to 000000_not_used_000000 then? That way it would not look that suspicious (to other people seeing such errors in the future).

Note: See TracTickets for help on using tickets.