Raphael B. <rblists@…> writes:
How can I prevent all my users' passwords from ending up in the log files? Rails logs all params, and that puts all passwords in the logs. I'd prefer not to stop the logging. Is it possible to just not log the params? (Or can I use this method?)
Peak Obsession
By default, in the development environment the logging threshold is set to "debug", which shows almost everything, including user passwords contained in parameter hashes (scary, isn't it?). Generally, this isn't too much of a problem, though: it's the "development" environment, after all, and when you're doing development you usually DO want to see all that stuff. Fortunately, by default, the logging threshold is set to "info" for the production environment, which does NOT log parameter hashes, so all should be well and secure for normal usage.
If for some reason you want to use a different logging level than these defaults, you just add a line to the appropriate environment file (config/environments/development.rb, for example) that says:

    config.log_level = :info # or :error, or :warn, or whatever

That way you can set the logging level to whatever level shows you enough information for your needs, but not so much as to be insecure.
The reference you cite to the "silence" methods for ActiveRecord and ActionController can be useful for temporarily changing the logging level inside a block of code, but it won't work for blocking parameter hashes from being logged, because that takes place before your ActionController object is instantiated, so there's nothing in your controller that silence can wrap a block around that would make a difference. The silence methods are generally only useful for stopping database field contents from being logged, but if you're using salted and hashed passwords, that shouldn't be a big deal anyway.
One last note: there's an active ticket in the Rails tracking system about a hash that specifically hides passwords from being logged: see http://dev.rubyonrails.org/ticket/1897.
–Forrest
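As an added example (not code from this thread, and not the Rails framework's own implementation), the script below shows the approach the ticket Forrest mentions is after: filter the parameter hash before it is written to the log, rather than lowering the log level. The filter walks nested hashes and arrays, so a password inside a nested "user" hash is caught too. The key patterns in SENSITIVE_KEYS and the sample request parameters are assumptions constructed for this example.

```ruby
require 'logger'

# Key patterns whose values must never reach the log. Matching is
# case-insensitive and substring-based, so "password",
# "password_confirmation" and "oldPassword" are all caught.
# (Assumed list for this example; tune it for your own app.)
SENSITIVE_KEYS = [/passw/i, /secret/i, /token/i].freeze

# Return a deep copy of +params+ in which every value stored under a
# sensitive key is replaced by "[FILTERED]". Nested hashes and arrays are
# walked, so {"user" => {"password" => "..."}} is handled as well.
def filter_params(params, patterns = SENSITIVE_KEYS)
  case params
  when Hash
    params.each_with_object({}) do |(key, value), out|
      out[key] = if patterns.any? { |re| key.to_s =~ re }
                   "[FILTERED]"
                 else
                   filter_params(value, patterns)
                 end
    end
  when Array
    params.map { |value| filter_params(value, patterns) }
  else
    params
  end
end

# Build the request log line the way a Rails-style request logger would,
# but only from the filtered copy of the parameters.
def request_log_line(method, path, params)
  "#{method} #{path} params=#{filter_params(params).inspect}"
end

# Quick self-check a practitioner can run against real log output:
# does a known secret appear anywhere in the line?
def leaked_secret?(line, secret)
  line.include?(secret)
end

# Constructed sample request (not real data).
SAMPLE_PARAMS = {
  "login" => "alice",
  "password" => "hunter2",
  "user" => { "password_confirmation" => "hunter2",
              "email" => "alice@example.com" },
  "api_tokens" => ["abc123", "def456"]
}.freeze

if __FILE__ == $PROGRAM_NAME
  logger = Logger.new($stdout)
  logger.level = Logger::DEBUG # even at debug, the secret never reaches the log
  line = request_log_line("POST", "/session", SAMPLE_PARAMS)
  logger.debug(line)
  logger.warn("secret leaked!") if leaked_secret?(line, "hunter2")
end
```

Note that this only protects the request-parameter line; anything your own code logs (for example, an inspected model or a rescued exception message containing the raw params) still needs the same filtering applied before it is written.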