Valid point. However, security is never a 100%. I do think that N secret tokens is a "safer" situation than just one. Also note, that any future tenants would be safe from "remembering" the base token.
I'll give this a shot this weekend. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Core" group. To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-core+unsubscr...@googlegroups.com. To post to this group, send email to rubyonrails-core@googlegroups.com. Visit this group at http://groups.google.com/group/rubyonrails-core. For more options, visit https://groups.google.com/d/optout.