rails and security

Borja_Martin · October 16, 2008, 9:28am

Regards

MR Damien escribió:

Hi,

I am wondering if there is a way to secure rails application logs ?

My issue is that I discovered that form parameters are shown in clear in the logs. So when users are authenticating, you see the login and password in clear

Processing LoginController#index (for xxxxx at 2008-10-16 11:22:43) [POST] Session ID: 8cb95e2e50332added5715eff9e84938 Parameters: {"authenticity_token"=>"f2ccf4bf93a1a334e5b3ed227eef84e12fafbbf6", "action"=>"index", "controller"=>"login", "password"=>"toto", "login"=>"r386528"}

Is there any way to hide this ?

/** * dagi3d v4 - http://dagi3d.net */

11175 · October 18, 2008, 12:20pm

Borja Martín wrote:

Ruby on Rails — Filtered parameter logging

Regards

That worked, thanks !

Topic		Replies	Views
Rails Recipe 31 - Authenticatin Users Logs Reveals Passwords rubyonrails-talk	6	115	January 6, 2007
Hide password params in log file rubyonrails-talk	6	156	February 24, 2009
filter_parameter_logging not working? rubyonrails-talk	4	206	August 2, 2008
A security related question rubyonrails-talk	1	139	September 21, 2009
Filtering parameters inside arrays when logging rubyonrails-core patch	1	246	June 29, 2009

rails and security

Related topics

More Resources