Rails and security


#1

Hi,

I am wondering if there is a way to secure Rails application logs?

My issue is that I discovered that form parameters are shown in the clear in
the logs. So when users are authenticating, you see the login and
password in the clear:

Processing LoginController#index (for xxxxx at 2008-10-16 11:22:43) [POST]
Session ID: 8cb95e2e50332added5715eff9e84938
Parameters:
{"authenticity_token"=>"f2ccf4bf93a1a334e5b3ed227eef84e12fafbbf6",
"action"=>"index", "controller"=>"login", "password"=>"toto",
"login"=>"r386528"}

Is there any way to hide this?


#2

http://weblog.rubyonrails.org/2006/8/21/filtered-parameter-logging

Regards

MR Damien wrote:

Session ID: 8cb95e2e50332added5715eff9e84938
Parameters:
{"authenticity_token"=>"f2ccf4bf93a1a334e5b3ed227eef84e12fafbbf6",
"action"=>"index", "controller"=>"login", "password"=>"toto",
"login"=>"r386528"}

Is there any way to hide this?



#3

Borja Martín wrote:

http://weblog.rubyonrails.org/2006/8/21/filtered-parameter-logging

Regards

That worked, thanks!
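
As an added example (not part of the original thread and not Rails' own code), here is a stand-alone Ruby sketch of the key-based masking that filtered parameter logging applies, run over a constructed hash modelled on the log entry in the first post. `filter_params`, `FILTERED`, `SAMPLE` and the nested `user` entry are hypothetical names and data; in a Rails 2.x application of this thread's era the actual declaration is `filter_parameter_logging :password` in `ApplicationController`.

```ruby
# Illustration only: masks sensitive values before a params hash is logged.
FILTERED = "[FILTERED]"

# Hypothetical helper. Returns a copy of `params` that is safe to log.
# A key is treated as sensitive when its name contains any of `patterns`
# (case-insensitive substring match), so :password also covers
# "password_confirmation". Nested hashes and arrays are walked recursively.
def filter_params(params, patterns)
  matcher = Regexp.union(patterns.map { |p| /#{Regexp.escape(p.to_s)}/i })
  walk = lambda do |value|
    case value
    when Hash
      value.each_with_object({}) do |(key, val), out|
        out[key] = key.to_s =~ matcher ? FILTERED : walk.call(val)
      end
    when Array
      value.map { |item| walk.call(item) }
    else
      value
    end
  end
  walk.call(params)
end

# Constructed sample modelled on the first post's log entry; the nested
# "user" hash is an added assumption to show recursion.
SAMPLE = {
  "authenticity_token" => "f2ccf4bf93a1a334e5b3ed227eef84e12fafbbf6",
  "action" => "index", "controller" => "login",
  "password" => "toto", "login" => "r386528",
  "user" => { "password_confirmation" => "toto", "email" => "a@example.test" }
}

# Returns the filtered copy; SAMPLE itself is left untouched.
def demo
  filter_params(SAMPLE, [:password])
end

# Print the line a log would now contain when run directly.
puts "Parameters: #{demo.inspect}" if __FILE__ == $0
```

Filtering only affects what is written from that point on; credentials already present in older log files stay there until those files are rotated or purged.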