Even is production mode Rails logs all requests params in the log files.
The problem is this often includes things like user passwords, credit
card numbers and other data. It even displays them when the values are
POSTed. If my server is hacked it would be easy to pick this data out
of the logs by a regex or two.
Is is possible to prevent logging certain params? This seems like it
could be a troublesome security hole.