1
0
Fork 0
mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00
rails--rails/guides
Dirkjan Bussink 0f6c9bc786
Add an ActiveSupport option to allow setting a digest class
Right now it's already possible to set a digest class manually, but this
is not through a publicly supported and approved API. With these
configuration options, it is possible to configure a digest class to use
for digests inside Rails.

The reason for this is that it allows configuring other classes in
certain conditions like running in FIPS mode. FIPS disallows MD5 and
discourages SHA1. Even though this isn't used in Rails for security
related things, using newer hash algorithms means not having to explain
it to auditors which always makes life easier.

That's not the only reason though. If today Ruby is built and running
for example in an Ubuntu 18.04 FIPS approved environment, the default
Digest classes break, see https://bugs.ruby-lang.org/issues/13681 as
well.

By allowing a class to be configured, the following can be used so that
things work properly (using the new API proposed here):

```
Rails.application.config.active_support.hash_digest_class = OpenSSL::Digest::SHA256
```

This would then use the OpenSSL certified FIPS implementation as well.
2020-09-23 17:47:35 +02:00
..
assets Merge pull request #39406 from vipulnsward/ar-bookstore-model 2020-08-25 17:58:32 -04:00
bug_report_templates Add Action Mailbox bug report templates 2020-07-15 11:04:12 -04:00
rails_guides Fix variable name in guides markdown generator 2020-07-28 10:24:35 +01:00
source Add an ActiveSupport option to allow setting a digest class 2020-09-23 17:47:35 +02:00
.document
CHANGELOG.md Changes over AR Querying guide [ci skip] 2020-05-27 23:44:24 +05:30
rails_guides.rb
Rakefile Remove references to WARNINGS environment variable [ci skip] 2020-07-05 16:40:52 +01:00
w3c_validator.rb