From 2b51fdf8f3e3c81636d4b8ca8f5b6e1b8a9a57ec Mon Sep 17 00:00:00 2001 From: pdostal Date: Sat, 20 Dec 2014 00:14:55 +0100 Subject: [PATCH] Reflect SECRET_TOKEN vulnerability in README #296 --- README.md | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 3492026..87a2912 100644 --- a/README.md +++ b/README.md @@ -17,7 +17,7 @@ Happy contribution! Found a problem? -First check that you are the only one to have spotted it by +First check that you are the only one to have spotted it by searching similar issues in the [issues list](https://github.com/nukomeet/coworfing/issues). If your issue is not listed, then create a bug report, with at least an explicit title and a descriptive text, the part of code posing a problem, and (it would be great) a unit test showing what goes wrong. @@ -76,13 +76,13 @@ Then grab the code and deploy coworfing locally on your computer: bundle install -- create a postgres user for the app - +- create a postgres user for the app + su - postgres psql create role coworfing with createdb login password 'yourpassword'; -- you may have to edit your pg_hba.conf to be able to log to your database. [More details here](http://stackoverflow.com/questions/17443379/psql-fatal-peer-authentication-failed-for-user-dev). +- you may have to edit your pg_hba.conf to be able to log to your database. [More details here](http://stackoverflow.com/questions/17443379/psql-fatal-peer-authentication-failed-for-user-dev). - run @@ -92,6 +92,12 @@ Then grab the code and deploy coworfing locally on your computer: RAILS_ENV=test rake db:create db:schema:load +- you have to create `SECRET_TOKEN` for verifying the integrity of signed cookies + + rake secret + +- finaly put your token to `.env` as `SECRET_TOKEN=###` (see `.env.example`) + Coworfing is now deployed locally on your computer!
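Review bot: In the hunks at `@@ -17,7 +17,7` and `@@ -76,13 +76,13`, every removed line comes back with the same visible text (`First check that you are the only one to have spotted it by`, `- create a postgres user for the app`, and the `pg_hba.conf` item), so these look like whitespace-only edits unrelated to the SECRET_TOKEN subject. Move them to a separate cleanup commit so that this patch carries only the documentation change for #296 and the security-relevant lines are easy to find in history.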
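Review bot: In the `@@ -92,6 +92,12` hunk the new steps never say that the token is a secret. Please add that the output of `rake secret` has to be generated fresh for each installation, and that `.env` stays out of version control with only `.env.example` committed. In the last added item, `finaly` should be `finally`, and `SECRET_TOKEN=###` reads as a literal value, so a placeholder such as `SECRET_TOKEN=<output of rake secret>` would be clearer. Since the step is worded as mandatory ("you have to"), it would also help to say what the reader will see when the variable is missing.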