Security
By default, Rack::Bug will only allow ‘127.0.0.1’ to connect. To enable other IPs, you need to provide a different IP mask in the options.
To enable SQL query running/profiling, Rack::Bug requires that you set the secret key.
And, finally, it’s tremendously good practice to set a good password if you’re not running Rack::Bug from localhost.
So, here’s all of them:
(Unfortunately, IPAddr is not yet loaded when the config block is running, so we move the middleware to config/initializers/rack_bug.rb:)
```ruby
# config/initializers/rack_bug.rb
ActionController::Dispatcher.middleware.use "Rack::Bug",
  # Only these addresses may reach Rack::Bug; replace the placeholder with your real address
  :ip_masks   => [IPAddr.new("127.0.0.1"), IPAddr.new("my.ip.as_seen.from_server")],
  # Required for SQL query running/profiling; generate your own value rather than copying this one
  :secret_key => "RgXEMzQVJkZ5YKL8YKhO5EXR3EkrXtoJyUekAVB4ceAbccRGEO+uCLN0G88gB/e/g83u9ojvZv1daWE5pBAvjg==",
  # Protects the toolbar when it is reachable from anywhere other than localhost
  :password   => "rack-bug-secret"
```
You can set :ip_masks to nil if you wish to allow all IP addresses access.
You can easily generate a secure random string of any length using ActiveSupport::SecureRandom:

```ruby
ActiveSupport::SecureRandom.base64(64) # 64 random bytes, base64-encoded into an 88-character secret key
```
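To see what the :ip_masks list actually does, here is an added standalone model of the allowlist check (example code, not Rack::Bug's own implementation). It assumes, as the text above states, that a request is admitted when any mask includes the remote address and that nil disables the check entirely; it also fails fast on a mask IPAddr cannot parse, which is what a left-in placeholder like "my.ip.as_seen.from_server" would be.

```ruby
require 'ipaddr'

# Decide whether remote_ip may reach the debug toolbar.
# ip_masks: array of IPAddr objects (single hosts or CIDR ranges), or nil.
def ip_authorized?(ip_masks, remote_ip)
  return true if ip_masks.nil?            # nil => no IP restriction at all
  addr = IPAddr.new(remote_ip.to_s)
  ip_masks.any? { |mask| mask.include?(addr) }
end

# Build masks from strings, raising on anything IPAddr cannot parse so a typo
# or an unreplaced placeholder is caught at boot instead of at request time.
def build_ip_masks(mask_strings)
  mask_strings.map do |s|
    begin
      IPAddr.new(s)
    rescue ArgumentError => e   # IPAddr::InvalidAddressError is an ArgumentError
      raise ArgumentError, "bad Rack::Bug ip mask #{s.inspect}: #{e.message}"
    end
  end
end

# Constructed sample configuration: loopback plus one office /24 range.
SAMPLE_MASKS = build_ip_masks(["127.0.0.1", "192.168.1.0/24"])

if __FILE__ == $0
  puts ip_authorized?(SAMPLE_MASKS, "127.0.0.1")     # true  (loopback)
  puts ip_authorized?(SAMPLE_MASKS, "192.168.1.77")  # true  (inside the /24)
  puts ip_authorized?(SAMPLE_MASKS, "203.0.113.5")   # false (everything else)
  puts ip_authorized?(nil, "203.0.113.5")            # true  (nil disables the check)
end
```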
(Pulled from http://www.themomorohoax.com/2009/04/20/debugging-rails-2-3-2-apps-with-rack-bug, many thanks!)