Hi,
I just noticed that when users register or login to my website (I use
restful_auth), their password gets printed out in the production.log
file. How can I prevent that? I consider this a major security issue.
SSL is used to prevent eavesdropping and passwords are stored encrypted
in DB by the way, but I never thought about log files.
On Mon, Feb 23, 2009 at 8:38 AM, Fernando P. <
[email protected]> wrote:
Hi,
I just noticed that when users register or login to my website (I use
restful_auth), their password gets printed out in the production.log
file. How can I prevent that? I consider this a major security issue.SSL is used to prevent eavesdropping and passwords are stored encrypted
in DB by the way, but I never thought about log files.
Hi, please remember google is your friend:
a) Google is your friend
b) Api Documents is also a good resource
http://api.rubyonrails.org
Note: If you search for password, you'll also find a reference for
’
filter_parameter_logging’
Good luck,
-Conrad
On Mon, Feb 23, 2009 at 10:38 AM, Fernando P. <
[email protected]> wrote:
Hi,
I just noticed that when users register or login to my website (I use
restful_auth), their password gets printed out in the production.log
file. How can I prevent that? I consider this a major security issue.SSL is used to prevent eavesdropping and passwords are stored encrypted
in DB by the way, but I never thought about log files.
In you application.rb file use
filter_parameter_logging “password”
HTH
Charles
in application.rb, insert: filter_parameter_logging “password”
On Mon, Feb 23, 2009 at 11:38 AM, Fernando P. <
Fernando,
filter_parameter_logging is your friend.
http://robbyonrails.com/articles/2007/07/16/rails-code-audit-tips-filtered-parameter-logging
Cheers,
Robby
On Mon, Feb 23, 2009 at 8:38 AM, Fernando P.
[email protected] wrote:
Posted via http://www.ruby-forum.com/.
–
Robby R.
Chief Evangelist, Partner
PLANET ARGON, LLC
design // development // hosting w/Ruby on Rails
http://robbyonrails.com/
http://twitter.com/planetargon
aim: planetargon
+1 503 445 2457
+1 877 55 ARGON [toll free]
+1 815 642 4068 [fax]
in application.rb, insert: filter_parameter_logging “password”
Thank you all for your replies. This should be included by default (or
at least commented out?) in restful_auth generator and any other
authentication plugin.
Pretty sure this is in there by default in recent versions of Rails.
(in application controller) (2.3 i believe)
On Mon, Feb 23, 2009 at 9:58 AM, Fernando P.
[email protected] wrote:
–
Robby R.
Chief Evangelist, Partner
PLANET ARGON, LLC
design // development // hosting w/Ruby on Rails
http://robbyonrails.com/
http://twitter.com/planetargon
aim: planetargon
+1 503 445 2457
+1 877 55 ARGON [toll free]
+1 815 642 4068 [fax]
This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.
Sponsor our Newsletter | Privacy Policy | Terms of Service | Remote Ruby Jobs