Hi,
I am wondering if there is a way to secure rails application logs ?
My issue is that I discovered that form parameters are shown in clear in
the logs. So when users are authenticating, you see the login and
password in clear
Processing LoginController#index (for xxxxx at 2008-10-16 11:22:43)
[POST]
Session ID: 8cb95e2e50332added5715eff9e84938
Parameters:
{"authenticity_token"=>"f2ccf4bf93a1a334e5b3ed227eef84e12fafbbf6",
"action"=>"index",
"controller"=>"login",
"password"=>"toto",
"login"=>"r386528"}
Is there any way to hide this ?
--
Posted via http://www.ruby-forum.com/.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---
http://weblog.rubyonrails.org/2006/8/21/filtered-parameter-logging Regards MR Damien escribió:> Hi, > > I am wondering if there is a way to secure rails application logs ? > > My issue is that I discovered that form parameters are shown in clear in > the logs. So when users are authenticating, you see the login and > password in clear > > Processing LoginController#index (for xxxxx at 2008-10-16 11:22:43) > [POST] > Session ID: 8cb95e2e50332added5715eff9e84938 > Parameters: > {"authenticity_token"=>"f2ccf4bf93a1a334e5b3ed227eef84e12fafbbf6", > "action"=>"index", "controller"=>"login", "password"=>"toto", > "login"=>"r386528"} > > Is there any way to hide this ? >/** * dagi3d v4 - http://dagi3d.net */ --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Borja Martín wrote:> http://weblog.rubyonrails.org/2006/8/21/filtered-parameter-logging > > Regards >That worked, thanks ! -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Reasonably Related Threads
- Xen private network across multiple physical servers
- How I provide a session object to Functional Tests?
- Running rails specs outside of the normal project tree
- uninitialized constant LoginController in Ruby
- Inserting authenticity token into AJAX request params