<    March 2017    >
01:29 alfie joined
01:37 <Rennex> flips: well, first of all "secure enough" always depends on the purpose :) The bcrypt stuff looks fine to me. The session stuff is missing an explicit session secret, but even with that i'm not really happy about storing the session's contents in a cookie. Then the ability to forge the contents would require either guessing the session secret, or defeating the signing algorithm
01:38 <Rennex> flips: and, hopefully you'd be storing the users in a database instead of an in-memory ruby Hash.
01:42 <Rennex> flips: anyway, the default session middleware (with a good long secret) is probably fine in practice. i just dislike the fact that the session contents are readable by the user, and that if there's a lot of it, it's transferred on every request. However, i don't know of a better one that's out there. I wrote my own that stores the session in a DB using Sequel, but i haven't fully completed and released
01:42 <Rennex> it. :)
07:26 aidalgol joined
13:53 IRCFrEAK joined
13:55 lamer14894991848 joined
13:58 IRCFrEAK joined
14:23 hive-mind joined
15:05 hive-mind joined
17:38 blackmesa joined
18:40 vikaton joined
18:53 blackmesa joined
18:55 <flips> Not planning on storing users in an in-memory Ruby hash, no ... ;) So explicitly/manually setting the session secret is smart? I thought it was automatically created upon launch, but I guess setting it manually is good for multi-threading, especially if I host it on jruby/a jvm setup or something ... :)
21:13 blackmesa joined
22:05 blackmesa joined
22:31 <blackmesa> hi all. how can I route erb to a file in a folder? erb :index -> erb /folder/:index
22:31 <blackmesa> like that