Forum: Ruby on Rails rails and security

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
9e8274f1e5340cc2efe0e4bc2f83121f?d=identicon&s=25 MR Damien (mrdamien)
on 2008-10-16 11:26
Hi,

I am wondering if there is a way to secure rails application logs ?

My issue is that I discovered that form parameters are shown in clear in
the logs. So when users are authenticating, you see the login and
password in clear

Processing LoginController#index (for xxxxx at 2008-10-16 11:22:43)
[POST]
  Session ID: 8cb95e2e50332added5715eff9e84938
  Parameters:
{"authenticity_token"=>"f2ccf4bf93a1a334e5b3ed227eef84e12fafbbf6",
"action"=>"index", "controller"=>"login", "password"=>"toto",
"login"=>"r386528"}

Is there any way to hide this ?
90ea347c45cdfbc1c5767dd6304d9c10?d=identicon&s=25 Borja Martín (Guest)
on 2008-10-16 11:29
(Received via mailing list)
http://weblog.rubyonrails.org/2006/8/21/filtered-p...

Regards

MR Damien escribió:
>   Session ID: 8cb95e2e50332added5715eff9e84938
>   Parameters:
> {"authenticity_token"=>"f2ccf4bf93a1a334e5b3ed227eef84e12fafbbf6",
> "action"=>"index", "controller"=>"login", "password"=>"toto",
> "login"=>"r386528"}
>
> Is there any way to hide this ?
>
/**
 * dagi3d v4 - http://dagi3d.net
 */
9e8274f1e5340cc2efe0e4bc2f83121f?d=identicon&s=25 MR Damien (mrdamien)
on 2008-10-18 14:20
Borja Martín wrote:
> http://weblog.rubyonrails.org/2006/8/21/filtered-p...
>
> Regards
>

That worked, thanks !
This topic is locked and can not be replied to.