ActionMailer password security

Am I crazy, or is it a bad idea to keep my SMTP username and password for ActionMailer in the actual (development/production) config file? It seems like I should store it in an encrypted place, or at the very minimum, exclude it from my Mercurial pushes.

Right now, I'm just removing the password from my source file before performing a push, but there's got to be a smarter way than the one I'm using. :)

Perhaps I should store it in my database as another user (which is already stored with encrypted passwords) and fetch it programmatically?

jefflunt asked Mar 03 '10 01:03


1 Answer

Use an application configuration file that is not stored in your repository for storing sensitive information. Here is how I've done it:

  1. Add an app_config.yml in your config directory. Its contents would look like this:

    smtp_password: kl240jvfslkr32rKgjlk
    some_other_password: 34hg9r0j0g402jg
    and_so_on: lkn$@gJkjgsFLK4gaj
    
  2. Add a preinitializer.rb in your config directory with the following contents:

    require 'yaml'
    APP_CONFIG = YAML.load(File.read(RAILS_ROOT + "/config/app_config.yml"))
    
  3. Substitute your passwords for values in the APP_CONFIG variable, like so:

    smtp_password = 'kl240jvfslkr32rKgjlk'       # old version: secret hard-coded in the tracked file
    smtp_password = APP_CONFIG['smtp_password']  # new version: read from the untracked app_config.yml
    

Make sure you don't include app_config.yml in your repository, though you may want to create an example file that is checked in, just to show a sample of what should be in it. When you deploy your application, make sure that app_config.yml is stored on the server. If you're using a standard Capistrano deployment, put the file in the shared folder and update your deployment task to create a symlink to it in the current release's directory.

Jimmy answered Sep 28 '22 08:09
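The three steps in the answer above, carried through as a complete Ruby example. This is added illustration code, not the answerer's or Rails' own: it loads the untracked `app_config.yml`, fails fast when the file is missing or the password is blank (the usual symptom of a deploy that forgot the `shared` symlink), builds the hash you would hand to `ActionMailer::Base.smtp_settings`, and regenerates the checked-in `app_config.yml.example` with the same keys but placeholder values. The SMTP host, the key names and the sample credentials are constructed assumptions; the file is written to a temporary directory so the example runs stand-alone.

```ruby
require 'yaml'
require 'tmpdir'

# Constructed sample contents for config/app_config.yml (assumed key names,
# not real credentials). The real file stays out of version control.
SAMPLE_APP_CONFIG = <<~YAML
  smtp_user_name: mailer@example.com
  smtp_password: example-password-not-real
YAML

# Loads the YAML file at +path+ into a Hash with string keys.
# A missing file raises a clear error so the app refuses to boot instead of
# silently mailing with nil credentials.
def load_app_config(path)
  unless File.exist?(path)
    raise "Missing #{path}; copy app_config.yml.example next to it and fill in real values"
  end
  config = YAML.safe_load(File.read(path)) || {}
  raise "#{path} must contain a YAML mapping of key: value pairs" unless config.is_a?(Hash)
  config
end

# Builds the hash for ActionMailer::Base.smtp_settings from the loaded config.
# A blank password almost always means a mis-deployed config, so reject it.
def smtp_settings_from(config)
  password = config['smtp_password'].to_s
  raise 'smtp_password is blank in app_config.yml' if password.empty?
  {
    address: 'smtp.example.com',          # assumed host
    port: 587,
    user_name: config['smtp_user_name'],
    password: password,
    authentication: :plain,
    enable_starttls_auto: true
  }
end

# Writes the checked-in example file: same keys as the real config, every
# value replaced by a placeholder, so the sample never drifts from reality
# and never carries a secret into the repository.
def write_example_file(config, example_path)
  redacted = config.keys.each_with_object({}) { |key, h| h[key] = 'CHANGE_ME' }
  File.write(example_path, redacted.to_yaml)
  example_path
end

# Stand-alone demonstration using a temporary directory in place of config/.
def demo
  Dir.mktmpdir do |dir|
    path = File.join(dir, 'app_config.yml')
    File.write(path, SAMPLE_APP_CONFIG)
    settings = smtp_settings_from(load_app_config(path))
    puts "user_name: #{settings[:user_name]}, password length: #{settings[:password].length}"
    example = write_example_file(load_app_config(path), File.join(dir, 'app_config.yml.example'))
    puts File.read(example)
  end
end

demo if $PROGRAM_NAME == __FILE__
```

In a real app the `load_app_config` call goes in `config/preinitializer.rb` (or an initializer on newer Rails) and the result is assigned to `ActionMailer::Base.smtp_settings`; add `config/app_config.yml` to `.hgignore` (or `.gitignore`) and commit only the `.example` file.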