Is this common

Jay Dev wrote:

Hi,
I have a webapp built using ruby on rails. The login page takes the
username and password.
When I run the application and check the development.log file I see the
passwords in that file in text format of users loggin in.
Is this common? I'm the administrator so only I have access to those
files, but still is there a way for me to tell rails not to spit out all
those lines in the log files.

Thanks,
Dev
  

Add this to your application.rb...

filter_parameter_logging "password"

You should consider analyze your log files and then truncate it with:

rake log:clear # Truncates all *.log files in log/ to
zero bytes

Jay Dev wrote:

Jon,
Thank you, that worked. BTW, how often do you delete log files and is
there a command you use to delete the file or clear the file.

Thanks.
  

You can add something like this to your environment.rb...

#Rotate logs on server restart
config.logger = Logger.new("#{RAILS_ROOT}/log/#{ENV['RAILS_ENV']}.log",
5, 1048576)

I believe the above settings are keep the last 5 log files, and limit
their size to 1048576 bytes. (Don't ask me why we have that particular
file size in our config. I must have been in a strange mood that day.)

Jon Garvin wrote:

Jay Dev wrote:
  

Jon,
Thank you, that worked. BTW, how often do you delete log files and is there a command you use to delete the file or clear the file.

Thanks.
  

You can add something like this to your environment.rb...

#Rotate logs on server restart
config.logger = Logger.new("#{RAILS_ROOT}/log/#{ENV['RAILS_ENV']}.log",
5, 1048576)

I believe the above settings are keep the last 5 log files, and limit
their size to 1048576 bytes. (Don't ask me why we have that particular
file size in our config. I must have been in a strange mood that day.)

1048576 is exactly 1MByte (1024 x 1024)... Is that why?

Cheers,
Mohit.
8/31/2007 | 2:20 PM.