
A file named "secret_token.rb" looks to me like "ruby code to operate on secret tokens", just like a file called "sha256.rb" would be expected to compute hashes, not contain them.

Should have been called "secret_token.yml". Should live in the config, or even better, a "secret_config" top level directory, not a subdirectory.



Yeah, that might be an improvement that perhaps should be considered, since it's clearly a developer usability problem.

But I think it's not unreasonable to have expected it was clear that ./config/initializers/secret_token.rb was a file to initialize a secret token, that included a secret token in it.



