Hide password params in log file

Hi,

I just noticed that when users register or login to my website (I use restful_auth), their password gets printed out in the production.log file. How can I prevent that? I consider this a major security issue.

SSL is used to prevent eavesdropping and passwords are stored encrypted in DB by the way, but I never thought about log files.

in application.rb, insert: filter_parameter_logging "password"

Fernando,

filter_parameter_logging is your friend.

* http://robbyonrails.com/articles/2007/07/16/rails-code-audit-tips-filtered-parameter-logging

Cheers, Robby

In your application.rb file use

filter_parameter_logging "password"

HTH

Charles

Hi, please remember Google is your friend:

a) Google is your friend

http://www.google.com/search?hl=en&rlz=1G1GGLQ_ENUS307&q=filter+logging+of+password+rails&btnG=Search

b) API documents are also a good resource

http://api.rubyonrails.org

Note: If you search for password, you’ll also find a reference for ‘filter_parameter_logging’

Good luck,

-Conrad

in application.rb, insert: filter_parameter_logging "password"

Thank you all for your replies. This should be included by default (or at least commented out?) in restful_auth generator and any other authentication plugin.

Pretty sure this is in there by default in recent versions of Rails. (in application controller) (2.3 I believe)
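Added example, not part of the thread and not code from Rails or restful_auth: filter_parameter_logging only affects requests logged after it is enabled, so an existing production.log can still hold earlier passwords. This Ruby script scans log text for password-like parameters whose logged value is not the `[FILTERED]` placeholder; the sample log lines are constructed, and the `Parameters: {...}` line layout and the name `unfiltered_password_params` are assumptions of this example.

```ruby
# Constructed sample log in the Rails 2.x "Parameters: {...}" inspect layout.
SAMPLE_LOG = <<~'LOG'
  Processing SessionsController#create (for 203.0.113.5 at 2009-05-01 10:00:00) [POST]
    Parameters: {"login"=>"fernando", "password"=>"hunter2", "action"=>"create"}
  Processing UsersController#create (for 203.0.113.5 at 2009-05-01 10:01:00) [POST]
    Parameters: {"user"=>{"login"=>"bob", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]"}}
  Processing UsersController#create (for 203.0.113.9 at 2009-05-01 10:02:00) [POST]
    Parameters: {"user"=>{"password_confirmation"=>"s3cr\"et", "password"=>"[FILTERED]"}}
LOG

# A quoted key containing "password" (any case), then => and a quoted value.
# The value pattern accepts backslash-escaped quotes inside the string.
PASSWORD_PARAM = /"([^"]*password[^"]*)"=>"((?:\\.|[^"\\])*)"/i
FILTERED = "[FILTERED]"

# Returns [line_number, key] pairs for every password-like parameter that was
# logged with a real value. The value itself is never returned or printed, so
# the audit output does not become a second copy of the secret.
def unfiltered_password_params(log_text)
  findings = []
  log_text.each_line.with_index(1) do |line, lineno|
    next unless line.include?("Parameters:")
    line.scan(PASSWORD_PARAM) do |key, value|
      findings << [lineno, key] unless value == FILTERED
    end
  end
  findings
end

if __FILE__ == $0
  unfiltered_password_params(SAMPLE_LOG).each do |lineno, key|
    puts "line #{lineno}: parameter #{key.inspect} logged unfiltered"
  end
end
```

Any hit means the affected log files (and their rotated copies and backups) contain credentials and should be handled accordingly.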