#mailform

In my last post, I set up a basic mail sending application. (Read that post here). While setting up the application, I had some security issues that I knew about and promised to fix in my next post. So, here we go!

Sensitive Information

First, we need to identify the sensitive information in our application. In my original SMTP settings, I was providing my actual email and password as the user_name and password. The code works, but it is super insecure! I don’t want to share my email and password with the world.

Let’s move that information into a .yml file.

I am going to create a file, app/config/application.yml where I can set some environmental variables, like so:

NOTE: It is convention to name environment variables in ALL CAPS.

Now, let’s use the variables in our SMTP settings:

Don’t forget to exclude your .yml file from your repo! Go to your .gitignore file and add:

Now, let’s make sure that the environment variables get loaded. In config/application.rb, add the following lines of code:

This tells the application to load locally stored environment variables.

NOTE: Locally store environment variables are exactly what they sound like — locally stored! Because we’ve added these to the gitignore file, anyone who clones or downloads your repo won’t have access. If you are working with a group or partner, you will each need to set up your own environment variables. You will also need to set production variables when you push your code to production. Check out my post on Heroku commands for the steps on Heroku!

Gems