Unencrypted Password Appears in Log

I have a requirement to authenticate my app users through Active Directory. My login form captures a user's ID and password and passes them to a net/ldap routine. I'm using form_for...|form| to create the form and form.password_field to create the password field. The password entry is encrypted on the screen but appears unencrypted in the development log in the params listing.

What can I do to keep the unencrypted password from appearing in the log?

Thanks,

Mike

Hi Mike,

imdwalrus wrote:

What can I do to keep the unencrypted password from appearing in the log?

I have a requirement to filter *all* user input from my logs, so this isn't specific to passwords. This'll get you in the ballpark, though.

Inside application.rb, outside the methods:

  if %w(production).include?(ENV['RAILS_ENV'])
    # Blank every parameter value except the routing keys, so no user input reaches the log.
    # Only String values can be replaced in place; nil or Array values are left alone.
    filter_parameter_logging do |k, v|
      v.replace('') if v.is_a?(String) && k != 'controller' && k != 'action'
    end
  end

hth, Bill

Use filter_parameter_logging:

You can stick this in your ApplicationController, or do it on a per-controller basis.

Chris
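To make the two suggestions above concrete outside a Rails app, here is an added example (not code from this thread and not Rails' own implementation) that models what filter_parameter_logging does to the params hash before it is written to the log. filter_params mirrors the key-name form Chris refers to (filter_parameter_logging :password), and blank_all_input mirrors Bill's block that keeps only the controller and action keys. The function names, SENSITIVE_KEYS, the log_line format and the sample params are all assumptions made for this example; the password value in the sample is a constructed placeholder.

```ruby
# Added example: a stand-alone parameter filter modelled on the behaviour of
# Rails' filter_parameter_logging. The real method is defined on the controller
# class and wired into request logging; this helper is not Rails code and only
# reproduces the idea so it can be run outside a Rails app.

# Names of parameters whose values must never reach a log. Matching is
# case-insensitive and by substring, like filter_parameter_logging :password,
# so "password", "password_confirmation" and "OldPassword" are all caught.
SENSITIVE_KEYS = %w(password passwd).freeze
FILTER_PATTERN = Regexp.new(SENSITIVE_KEYS.join('|'), Regexp::IGNORECASE)

# Returns a copy of +params+ in which every value stored under a sensitive key
# is replaced by '[FILTERED]'. Nested hashes (form_for builds params such as
# {"user" => {"login" => ..., "password" => ...}}) and arrays are walked
# recursively; the original hash is left untouched.
def filter_params(params)
  case params
  when Hash
    params.each_with_object({}) do |(key, value), filtered|
      filtered[key] = if key.to_s =~ FILTER_PATTERN
                        '[FILTERED]'
                      else
                        filter_params(value)
                      end
    end
  when Array
    params.map { |element| filter_params(element) }
  else
    params
  end
end

# Bill's stricter variant: blank every user-supplied value and keep only the
# routing keys, so no form input of any kind is written to the log.
ROUTING_KEYS = %w(controller action).freeze

def blank_all_input(params)
  params.each_with_object({}) do |(key, value), filtered|
    filtered[key] = ROUTING_KEYS.include?(key.to_s) ? value : ''
  end
end

# Render the params the way a Rails 2 development log line shows them, so the
# effect of filtering on the log output itself is visible.
def log_line(params)
  "  Parameters: #{params.inspect}"
end

if __FILE__ == $0
  # Constructed sample of what a login form submission produces. The password
  # value is a made-up placeholder, not a real credential.
  submitted = {
    'controller' => 'sessions',
    'action'     => 'create',
    'user'       => { 'login' => 'mike', 'password' => 'sample-secret' },
    'remember'   => '1'
  }
  puts log_line(submitted)                    # password visible: the problem
  puts log_line(filter_params(submitted))     # password shown as [FILTERED]
  puts log_line(blank_all_input(submitted))   # only controller/action survive
end
```

Running the file prints the three log lines in turn; the first shows the cleartext password the way the development log does, the second and third show what each filtering approach leaves behind. Note that the key-name form only protects values whose key matches the pattern, so a password submitted under a differently named field (or inside a free-text field) would still be logged, which is the gap Bill's blank-everything block closes.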

That's perfect, Chris. Thanks so much for taking the time to help me.

-- Mike

Thanks, Bill. I really appreciate your help.