
Security

krisleech edited this page Sep 13, 2010 · 8 revisions

By default, Rack::Bug only accepts requests from 127.0.0.1. To let other addresses reach it, pass a different list of IP masks in the :ip_masks option.

To enable running and profiling SQL queries, Rack::Bug requires that you set a secret key.

And finally, set a strong password if Rack::Bug is reachable from anywhere other than localhost.

Here is a configuration that sets all three:

(Unfortunately, IPAddr is not yet loaded when the config block runs, so the middleware is added from config/initializers/rack_bug.rb instead:)

 ActionController::Dispatcher.middleware.use "Rack::Bug",
  # Only these addresses may reach the toolbar. The second entry is a placeholder:
  # use your own address as the server sees it (behind a proxy that may differ from your real address).
  :ip_masks   => [IPAddr.new("127.0.0.1"), IPAddr.new("my.ip.as_seen.from_server")],
  # Required for running/profiling SQL queries. Generate your own (see below); do not reuse this example value.
  :secret_key => "RgXEMzQVJkZ5YKL8YKhO5EXR3EkrXtoJyUekAVB4ceAbccRGEO+uCLN0G88gB/e/g83u9ojvZv1daWE5pBAvjg==",
  # Required whenever Rack::Bug is reachable from anything but localhost. Pick a strong one.
  :password   => "rack-bug-secret"

You can set :ip_masks to nil to allow every IP address. That removes the network restriction entirely, so only do it with a password set.

You can easily generate a secure random secret of any length using ActiveSupport::SecureRandom (on Ruby 1.8.7 and later the same API is available from the standard library as SecureRandom after require 'securerandom'):

ActiveSupport::SecureRandom.base64(64) # 64 random bytes, base64-encoded: an 88-character secret key
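The following is an added example, not code from the Rack::Bug project or from this page's original author. It covers the two parts of the configuration above that are easy to get wrong: what an :ip_masks list built from IPAddr objects actually admits (single hosts and CIDR ranges, nil meaning everyone), and what SecureRandom.base64(64) actually produces. The function names, the sample masks and the constructed Rack env hashes are assumptions made for illustration; they do not show how Rack::Bug itself implements its check.

```ruby
require 'ipaddr'
require 'securerandom'

# Added example, not Rack::Bug's own code. Function names and the sample
# masks below are assumptions for illustration only.

# Build a mask list from host and CIDR strings. IPAddr accepts both forms,
# so an office range can sit beside the localhost entry.
def rack_bug_ip_masks(*specs)
  specs.map { |spec| IPAddr.new(spec) }
end

# Constructed sample: localhost plus a private range (assumption).
RACK_BUG_IP_MASKS = rack_bug_ip_masks("127.0.0.1", "10.0.0.0/8")

# True when the client address falls inside any configured mask.
# A nil list admits every address, mirroring ":ip_masks => nil" above.
# An unparsable or missing address is denied rather than raising into the app.
def rack_bug_ip_allowed?(remote_addr, masks = RACK_BUG_IP_MASKS)
  return true if masks.nil?
  ip = IPAddr.new(remote_addr.to_s)
  masks.any? { |mask| mask.include?(ip) }
rescue ArgumentError   # IPAddr::InvalidAddressError is an ArgumentError
  false
end

# The address a Rack app sees is env["REMOTE_ADDR"]. Behind a reverse proxy
# that is the proxy's address, not the browser's, which is why the config
# above wants your address "as seen from the server". This helper deliberately
# ignores X-Forwarded-For: any client can set that header to "127.0.0.1".
def rack_bug_request_allowed?(env, masks = RACK_BUG_IP_MASKS)
  rack_bug_ip_allowed?(env["REMOTE_ADDR"], masks)
end

# 64 random bytes, base64-encoded: an 88-character string ending in "==",
# the same shape as the :secret_key in the configuration above.
def rack_bug_secret_key
  SecureRandom.base64(64)
end

if __FILE__ == $0
  puts rack_bug_ip_allowed?("127.0.0.1")      # true
  puts rack_bug_ip_allowed?("10.20.30.40")    # true, inside 10.0.0.0/8
  puts rack_bug_ip_allowed?("203.0.113.5")    # false
  puts rack_bug_secret_key                    # a fresh 88-character key
end
```

The point of the env-based helper is the one the placeholder "my.ip.as_seen.from_server" hints at: if the app sits behind a proxy or load balancer, REMOTE_ADDR is that proxy, and adding your workstation's public address to :ip_masks does nothing useful while adding the proxy's address admits everyone who can reach the proxy. In that situation rely on the password rather than the mask.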

(Pulled from http://www.themomorohoax.com/2009/04/20/debugging-rails-2-3-2-apps-with-rack-bug, many thanks!)
