mirror of
https://github.com/rails/rails.git
synced 2022-11-09 12:12:34 -05:00
0f6c9bc786
Right now it's already possible to set a digest class manually, but this is not through a publicly supported and approved API. With these configuration options, it is possible to configure a digest class to use for digests inside Rails.

The reason for this is that it allows configuring other classes in certain conditions like running in FIPS mode. FIPS disallows MD5 and discourages SHA1. Even though this isn't used in Rails for security-related things, using newer hash algorithms means not having to explain it to auditors, which always makes life easier.

That's not the only reason though. If today Ruby is built and running, for example, in an Ubuntu 18.04 FIPS approved environment, the default Digest classes break; see https://bugs.ruby-lang.org/issues/13681 as well.

By allowing a class to be configured, the following can be used so that things work properly (using the new API proposed here):

```
Rails.application.config.active_support.hash_digest_class = OpenSSL::Digest::SHA256
```

This would then use the OpenSSL certified FIPS implementation as well.

- bootstrap.rb
- configuration.rb
- default_middleware_stack.rb
- dummy_erb_compiler.rb
- finisher.rb
- routes_reloader.rb