I have a requirement to authenticate my app users through Active Directory. My login form captures a user's ID and password and passes them to a net/ldap routine. I'm using form_for...|form| to create the form and form.password_field to create the password field. The password entry is encrypted on the screen but appears unencrypted in the development log in the params listing.

What can I do to keep the unencrypted password from appearing in the log?

Thanks,

Mike

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---
Hi Mike,

imdwalrus wrote:
> What can I do to keep the unencrypted password from
> appearing in the log?

I have a requirement to filter *all* user input from my logs, so this isn't specific to passwords. This'll get you in the ballpark, though.

Inside application.rb, outside the methods

    if %w(production).include?(ENV['RAILS_ENV'])
      filter_parameter_logging { |k,v| v.replace '' unless k == 'controller' or k == 'action'}
    end

hth,
Bill
Use filter_parameter_logging:

http://api.rubyonrails.org/classes/ActionController/Base.html#M000260

You can stick this in your ApplicationController, or do it on a per-controller basis.

Chris

On Apr 13, 7:20 pm, "imdwalrus" <mike.r...-qRiC75TPFovQT0dZR+AlfA@public.gmane.org> wrote:
> I have a requirement to authenticate my app users through Active
> Directory. My login form captures a user's ID and password and passes
> them to a net/ldap routine. I'm using form_for...|form| to create
> the form and form.password_field to create the password field. The
> password entry is encrypted on the screen but appears unencrypted in
> the development log in the params listing.
>
> What can I do to keep the unencrypted password from appearing in the
> log?
>
> Thanks,
>
> Mike
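Added example (not part of the thread and not Rails source code): a stand-alone Ruby model of the two filtering styles suggested above, masking by parameter name and masking everything except controller and action, applied to nested params of the kind a form_for login form submits. The names filter_params, filter_value and log_line, the "[FILTERED]" marker and the sample parameters are constructed for illustration.

```ruby
# Stand-alone model of parameter-log filtering; illustrative, not Rails code.
FILTERED = '[FILTERED]'

# Mask one value. A key that matches `pattern` hides its whole value, nested
# or not; otherwise hashes and arrays are walked so nested fields are reached.
def filter_value(key, value, pattern, block)
  return FILTERED if pattern && key =~ pattern
  case value
  when Hash
    value.each_with_object({}) { |(k, v), h| h[k] = filter_value(k.to_s, v, pattern, block) }
  when Array
    value.map { |v| filter_value(key, v, pattern, block) }
  else
    block && block.call(key, value) ? FILTERED : value
  end
end

# Return a filtered copy of params; the original hash is left untouched.
# words: substrings of parameter names to mask (case-insensitive).
# block: optional predicate (key, value) -> true when the value must be masked.
def filter_params(params, *words, &block)
  pattern = nil
  unless words.empty?
    alternatives = words.map { |w| Regexp.escape(w.to_s) }.join('|')
    pattern = Regexp.new(alternatives, Regexp::IGNORECASE)
  end
  filter_value('', params, pattern, block)
end

# The line that ends up in the log (format simplified).
def log_line(params)
  "  Parameters: #{params.inspect}"
end

# Constructed sample: a login form whose fields are nested under "login".
SAMPLE = {
  'controller' => 'sessions', 'action' => 'create',
  'login' => { 'user_id' => 'mike', 'password' => 'S3cret!' },
  'commit' => 'Log in'
}

by_name  = filter_params(SAMPLE, :password)
deny_all = filter_params(SAMPLE) { |k, _v| k != 'controller' && k != 'action' }
puts log_line(by_name)
puts log_line(deny_all)
```

Name-based masking covers only the parameter dump: a password that your own code writes to the logger, or that ends up in an exception message, is logged as written.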
That's perfect, Chris. Thanks so much for taking the time to help me.

-- Mike

On Apr 13, 11:39 am, "Chris Mear" <c...-OIzkuoyqg0kAvxtiuMwx3w@public.gmane.org> wrote:
> Use filter_parameter_logging:
>
> http://api.rubyonrails.org/classes/ActionController/Base.html#M000260
>
> You can stick this in your ApplicationController, or do it on a per-
> controller basis.
>
> Chris
>
> On Apr 13, 7:20 pm, "imdwalrus" <mike.r...-qRiC75TPFovQT0dZR+AlfA@public.gmane.org> wrote:
>
> > I have a requirement to authenticate my app users through Active
> > Directory. My login form captures a user's ID and password and passes
> > them to a net/ldap routine. I'm using form_for...|form| to create
> > the form and form.password_field to create the password field. The
> > password entry is encrypted on the screen but appears unencrypted in
> > the development log in the params listing.
>
> > What can I do to keep the unencrypted password from appearing in the
> > log?
>
> > Thanks,
>
> > Mike
Thanks, Bill. I really appreciate your help.

On Apr 13, 11:33 am, "Bill Walton" <bill.wal...-xwVYE8SWAR3R7s880joybQ@public.gmane.org> wrote:
> Hi Mike,
>
> imdwalrus wrote:
> > What can I do to keep the unencrypted password from
> > appearing in the log?
>
> I have a requirement to filter *all* user input from my logs, so this isn't
> specific to passwords. This'll get you in the ballpark, though.
>
> Inside application.rb, outside the methods
>
> if %w(production).include?(ENV['RAILS_ENV'])
> filter_parameter_logging { |k,v| v.replace '' unless k == 'controller' or
> k == 'action'}
> end
>
> hth,
> Bill