Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update documentation #7

Merged
merged 2 commits into from
Mar 10, 2015
Merged

Update documentation #7

merged 2 commits into from
Mar 10, 2015

Conversation

mattolson
Copy link
Contributor

No description provided.

@mattolson
Copy link
Contributor Author

ping @pedelman @philipmuir

philipmuir
philipmuir reviewed Mar 5, 2015
View reviewed changes
README.md
* Edit `.env`:
* Set `BC_CLIENT_ID` and `BC_CLIENT_SECRET` to the values obtained from Developer Portal.
* Set `APP_URL` to `https://<app hostname>`
* Set `SESSION_SECRET` to a long random string
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

rake secret generates a string of the right length/from a crypto secure random source, probably worthwhile mentioning it here

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This project doesn't have rake, and I believe rake secret is a Rails thing, but this is a Sinatra app.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more. 

date | md5 | shasum | base64

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How about ruby -e "require 'securerandom'; puts SecureRandom.hex"?

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

openssl rand -base64 64

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

true :(

date and md5 should not be used in a production it's predictable, something generated using dev/urandom based on openssl lib, or ruby's SecureRandom since the secret is used to sign/validate cookies

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ruby -e "require 'securerandom'; puts SecureRandom.hex(64)"

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

OK, updated.

@mattolson
Copy link
Contributor Author

🔨

mattolson added a commit that referenced this pull request Mar 10, 2015
@mattolson
Merge pull request #7 from mattolson/update_docs
3ae0fcc 
Update documentation
@mattolson mattolson merged commit 3ae0fcc into bigcommerce:master Mar 10, 2015
@mattolson mattolson deleted the update_docs branch March 10, 2015 00:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@mattolson @stevencorona @pedelman @philipmuir