search for: filter_logged_params

Even is production mode Rails logs all requests params in the log files. The problem is this often includes things like user passwords, credit card numbers and other data. It even displays them when the values are POSTed. If my server is hacked it would be easy to pick this data out of the logs by a regex or two. Is is possible to prevent logging certain params? This seems like it could

Hi all- I am building an application that includes a login screen. During development I found that user passwords are logged by Rails in plain text -- this will not be acceptable to my users. Is there a way to obscure/encrypt incoming password parameters or not write them to the log files at all? One thought was to use Javascript, but I was not sure how secure that would be. Thanks, Josh