rails and security


MR Damien escribió:


I am wondering if there is a way to secure rails application logs ?

My issue is that I discovered that form parameters are shown in clear in the logs. So when users are authenticating, you see the login and password in clear

Processing LoginController#index (for xxxxx at 2008-10-16 11:22:43) [POST]   Session ID: 8cb95e2e50332added5715eff9e84938   Parameters: {"authenticity_token"=>"f2ccf4bf93a1a334e5b3ed227eef84e12fafbbf6", "action"=>"index", "controller"=>"login", "password"=>"toto", "login"=>"r386528"}

Is there any way to hide this ?   

/** * dagi3d v4 - http://dagi3d.net */

Borja Martín wrote:

Ruby on Rails — Filtered parameter logging


That worked, thanks !