Hi,

I'm using the negative_captcha plugin for my signup form on a website, and I'd like to have the parameters filtered out in my logs.

My problem is: negative_captcha replaces the parameter names with some MD5 hashes in a before_filter and leaves the unencrypted parameter as a honeypot to identify bots. So if I use filter_parameter_logging :password, I end up with this line in my logs:

Parameters: {... "829334b5e733bd4eefa3d2e02337a7e1"=>"PASSWORD", "password" => "[FILTERED]" ...}

That's obviously not what I want. I thought I could add @captcha.fields[:password] as a parameter, but filter_parameter_logging is a Class method so @captcha is nil when it's called.

I'm out of ideas for this; would anyone have a solution or some tips about this?

--
Posted via http://www.ruby-forum.com/.

--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.

Frederick Cheung
2010-Apr-25 15:14 UTC
Re: filter_parameter_logging on "dynamic" parameters
On Apr 25, 3:53 pm, Olivier Lance <li...-fsXkhYbjdPsEEoCn2XhGlw@public.gmane.org> wrote:
> That's obviously not what I want. I thought I could add
> @captcha.fields[:password] as a parameter, but filter_parameter_logging
> is a Class method so @captcha is nil when it's called.
>
> I'm out of ideas for this; would anyone have a solution or some tips
> about this?

If you give filter_parameter_logging a block it will yield parameter names/values to that block and you can make the decision to filter on a case by case basis. Is that enough for you?

Fred

Thanks for the quick reply :)

> If you give filter_parameter_logging a block it will yield parameter
> names/values to that block and you can make the decision to filter on
> a case by case basis. Is that enough for you?

I've tried this, but again the fact that filter_parameter_logging is a class method does not help...

filter_parameter_logging(:some, :other, :parameters) { |k,v|
  v.replace "[FILTERED]" if @captcha.fields.include? k
}

raises an exception saying @captcha is nil. Which is normal, as it is initialized in a before_filter invoked after the call to filter_parameter_logging...

What I didn't mention, and is the core of this problem, is that those captcha parameters are salted, so they are different for each and every client. That's why I need to access the initialized @captcha object...

Frederick Cheung
2010-Apr-25 16:21 UTC
Re: filter_parameter_logging on "dynamic" parameters
On Apr 25, 4:20 pm, Olivier Lance <li...-fsXkhYbjdPsEEoCn2XhGlw@public.gmane.org> wrote:
> Thanks for the quick reply :)
>
> > If you give filter_parameter_logging a block it will yield parameter
> > names/values to that block and you can make the decision to filter on
> > a case by case basis. Is that enough for you?
>
> I've tried this, but again the fact that filter_parameter_logging is a
> class method does not help...
>
> filter_parameter_logging(:some, :other, :parameters) { |k,v|
>   v.replace "[FILTERED]" if @captcha.fields.include? k
> }
>
> raises an exception saying @captcha is nil. Which is normal, as it is
> initialized in a before_filter invoked after the call to
> filter_parameter_logging...

Is it not possible to work out whether a parameter name looks like a captcha parameter? Failing that, all filter_parameter_logging does is define an instance method called filter_parameters - you could define such a method without the help of filter_parameter_logging (although you might want to inspire yourself from the source for filter_parameter_logging to understand what the filter_parameters method should look like).

Fred

Hi Fred,

I'm sorry I took so long to answer, I was busy with other developments...

Thanks for the filter_parameters idea, that was the solution for me. Guessing whether a parameter name is a captcha worked well too but I couldn't be selective enough: I had to filter all parameters looking like an MD5 hash, whereas I'd like to keep emails appearing in my logs on signups in case I have to trace back a problem from a user.

So I defined a filter_parameters method, which is mainly taken from Rails source. I defined my parameter_filter out of a constant array to emulate the filter_parameter_logging mechanism. This array contains the param names I was giving to filter_parameter_logging, plus the captcha params I want to filter out.

I actually don't know how and why my own filter_parameters method gets called. Any pointer on that? Would you know of any way to keep a filter-like way of calling this? (like adding my_own_filter_parameter_logging :param1, :param2)

Thanks for your help!

Olivier

Frederick Cheung wrote:
> On Apr 25, 4:20 pm, Olivier Lance <li...-fsXkhYbjdPsEEoCn2XhGlw@public.gmane.org> wrote:
>>   v.replace "[FILTERED]" if @captcha.fields.include? k
>>
>> }
>>
>> raises an exception saying @captcha is nil. Which is normal, as it is
>> initialized in a before_filter invoked after the call to
>> filter_parameter_logging...
>
> Is it not possible to work out whether a parameter name looks like a
> captcha parameter? Failing that, all filter_parameter_logging does
> is define an instance method called filter_parameters - you could
> define such a method without the help of filter_parameter_logging
> (although you might want to inspire yourself from the source for
> filter_parameter_logging to understand what the filter_parameters
> method should look like)
>
> Fred
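
Added example, not part of the thread and not the poster's or Rails' own code: a stand-alone Ruby sketch of the approach the thread settles on, a filter_parameters instance method that can see the per-request @captcha, wrapped in a class macro of the kind asked about in the last message. FakeCaptcha, DynamicParameterFiltering, dynamic_filter_parameter_logging, SignupController and the salted-MD5 naming scheme are assumptions made for illustration, and names are matched exactly.

```ruby
require 'digest/md5'
# Constructed stand-in for the plugin's captcha object: maps each real field
# name to a per-request hashed name (assumed here to be a salted MD5).
class FakeCaptcha
  attr_reader :fields
  def initialize(names, salt)
    @fields = {}
    names.each { |n| @fields[n] = Digest::MD5.hexdigest("#{n}-#{salt}") }
  end
end

module DynamicParameterFiltering
  FILTERED = '[FILTERED]'.freeze
  MD5_NAME = /\A[0-9a-f]{32}\z/

  # Hypothetical class macro: static names plus a block that runs on every
  # call inside the controller instance, where @captcha is already set.
  def dynamic_filter_parameter_logging(*static_names, &dynamic_names)
    static = static_names.map { |n| n.to_s }
    define_method(:filter_parameters) do |params|
      extra = dynamic_names ? Array(instance_exec(&dynamic_names)) : []
      matchers = static + extra.map { |n| n.is_a?(Regexp) ? n : n.to_s }
      redact = lambda do |value|
        case value
        when Hash
          value.each_with_object({}) do |(k, v), out|
            hit = matchers.any? { |m| m === k.to_s }
            out[k] = hit ? FILTERED : redact.call(v)
          end
        when Array then value.map { |v| redact.call(v) }
        else value
        end
      end
      redact.call(params) # returns a filtered copy; params is not modified
    end
  end
end

class SignupController
  extend DynamicParameterFiltering
  dynamic_filter_parameter_logging(:password, :password_confirmation) do
    # Only the hashed password name is hidden, so the hashed email stays
    # readable. Without a captcha, fail closed on every MD5-looking name.
    @captcha ? [@captcha.fields[:password]] : [DynamicParameterFiltering::MD5_NAME]
  end
  def initialize(captcha)
    @captcha = captcha
  end
end
```

Because the block is evaluated when filter_parameters runs rather than when the class is loaded, the salted names are known at filtering time; the nil-captcha branch keeps a hashed password out of the log even if the before_filter never ran.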