Forum: Ruby on Rails all passwords in logs

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
rblists (Guest)
on 2005-11-18 15:51
(Received via mailing list)
Hi,

A question I might have asked already but I still don't have an answer:

How can I prevent all my users' passwords from ending up in the log files?
Rails logs all params, and that puts all passwords in the logs....

I'd prefer to not stop the logging :-)
Is it possible to just not log the params? (Or can I use this method?
http://wiki.rubyonrails.com/rails/pages/HowtoSelec...
)

Thanks

raph
jeremyevans0 (Guest)
on 2005-11-18 20:02
(Received via mailing list)
On 11/18/05, Raphael Bauduin <rblists@gmail.com> wrote:
> How can I prevent all my users' passwords from ending up in the log files?
> Rails logs all params, and that puts all passwords in the logs....
>
> I'd prefer to not stop the logging :-)
> Is it possible to just not log the params?

See http://dev.rubyonrails.org/ticket/1897.  I've prepared a plugin
that does the same thing as the patch in that ticket, but I haven't
publicly released it yet.  I can probably put it up this weekend if
people are interested.
thiessen (Guest)
on 2005-11-19 01:28
(Received via mailing list)
Jeremy Evans <jeremyevans0@...> writes:
> See http://dev.rubyonrails.org/ticket/1897.  I've prepared a plugin
> that does the same thing as the patch in that ticket, but I haven't
> publicly released it yet.  I can probably put it up this weekend if
> people are interested.

I saw your ticket previously: it's a clever idea.  I'm of two minds on
whether or not the problem is bad enough to justify an overall change. After all,
by default the logging threshold is jacked up high enough in production
mode that parameters (including passwords) don't get logged.  There are cases,
however, where your change is just what's needed, and a plug-in would be the
perfect solution.

I guess that's a long way of saying, "yes, please, people are
interested, release the plug-in!"

--Forrest
justin (Guest)
on 2005-11-19 15:52
(Received via mailing list)
Forrest Thiessen wrote:

> [...] by default the logging threshold is jacked up high enough in production
> mode that parameters (including passwords) don't get logged.

Is this documented anywhere? I was just looking in the configuration
section in the Agile Rails book for info on how to minimise logging in
production, and didn't find anything.

Running in production mode under WEBrick, just to see how it
behaved, I was still getting params and SQL in the production.log.

Traditionally one of the arguments in favour of using POST in web
applications has been that POSTED data doesn't appear in the server log.
I would like this to be true (or, at least, possible) for Rails
applications.

regards

   Justin
thiessen (Guest)
on 2005-11-19 18:47
(Received via mailing list)
Justin Forder <justin@...> writes:

> > [...] by default the logging threshold is jacked up high enough in production
> > mode that parameters (including passwords) don't get logged.
>
> Is this documented anywhere? I was just looking in the configuration
> section in the Agile Rails book for info on how to minimise logging in
> production, and didn't find anything.
>
> Running in production mode under WEBrick, just to see how it
> behaved, I was still getting params and SQL in the production.log.


The only place I've seen it documented is in comments in the
config/environment.rb file, where it says:
  # Force all environments to use the same logger level
  # (by default production uses :info, the others :debug)
  # config.log_level = :debug

I didn't try running on production (I'm still developing my app ;) ),
but I tried inserting
  config.log_level = :info
into environment.rb, and parameter values were no longer written to the
log file (and neither was almost anything else).  So I can confirm that the
mechanism is there and that it works, but I haven't actually tested the
statement in the comments that "by default production uses :info".

--Forrest
ezra (Guest)
on 2005-11-19 22:13
(Received via mailing list)
On Nov 19, 2005, at 9:43 AM, Forrest Thiessen wrote:

>> production, and didn't find anything.
>
> comments that "by default production uses :info".
>
> --Forrest
>

Hey-

	I am using this snippet in environment.rb to set the production log
level to FATAL so that only real errors and stack traces go to the
production.log. But keep in mind that the app I am using this in is
running on rails .13.1. I'm not sure if it is still valid to use in .14.3:

# Configure defaults if the included environment did not.
begin
  RAILS_DEFAULT_LOGGER = Logger.new("#{RAILS_ROOT}/log/#{RAILS_ENV}.log")
  # FATAL in production, DEBUG everywhere else.
  RAILS_DEFAULT_LOGGER.level = (RAILS_ENV == 'production' ? Logger::FATAL : Logger::DEBUG)
rescue StandardError
  # Fall back to STDERR at WARN if the log file cannot be opened.
  RAILS_DEFAULT_LOGGER = Logger.new(STDERR)
  RAILS_DEFAULT_LOGGER.level = Logger::WARN
  RAILS_DEFAULT_LOGGER.warn(
    "Rails Error: Unable to access log file. Please ensure that log/#{RAILS_ENV}.log exists and is chmod 0666. " +
    "The log level has been raised to WARN and the output directed to STDERR until the problem is fixed."
  )
end


HTH-

-Ezra Zygmuntowicz
WebMaster
Yakima Herald-Republic Newspaper
ezra@yakima-herald.com
509-577-7732
thiessen (Guest)
on 2005-11-20 22:44
(Received via mailing list)
Raphael Bauduin <rblists@...> writes:
> How can I prevent all my users' passwords from ending up in the log files?
> Rails logs all params, and that puts all passwords in the logs....
>
> I'd prefer to not stop the logging
> Is it possible to just not log the params? (Or can I use this method?
> http://wiki.rubyonrails.com/rails/pages/HowtoSelec...

By default, in the development environment the logging threshold is set
to "debug", which shows almost everything, including user passwords
contained in parameter hashes (scary, isn't it?).

Generally, this isn't too much of a problem, though: it's the
"development" environment, after all, and when you're doing development you
usually DO want to see all that stuff.  Fortunately, by default, the logging
threshold is set to "info" for the production environment, which does NOT log
parameter hashes, so all should be well and secure, for normal usage.

If for some reason you want to use a different logging level than these
defaults, you just add a line to the appropriate environment file
(config/environments/development.rb, for example) that says:
   config.log_level = :info    # or :error, or :warn, or whatever
That way you can set the logging level to whatever level shows you
enough information for your needs, but not so much as to be insecure.

The reference you cite to the "silence" methods for ActiveRecord and
ActionController can be useful for temporarily changing the logging
level inside a block of code, but it won't work for blocking parameter hashes
from being logged because that takes place before your ActionController object
is instantiated, so there's nothing in your controller that silence can wrap a
block around that would make a difference.  The silence methods are
generally only useful for stopping database field contents from being logged,
but if you're using salted and hashed passwords, that shouldn't be a big deal,
anyway.

One last note: there's an active ticket in the Rails tracking system
about a hash that specifically hides passwords from being logged: see
http://dev.rubyonrails.org/ticket/1897.

--Forrest
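An added example, not code from this thread, from ticket 1897 or from the plugin Jeremy mentions, of the approach that ticket takes: scrub the sensitive keys out of the params hash before the request logger prints it, instead of raising the log level and losing everything else. Plain Ruby with no Rails dependency; the key patterns, the `[FILTERED]` marker, the function names and the sample params are assumptions chosen for illustration.

```ruby
# Added example (not from the thread or ticket 1897): mask sensitive
# request params before they reach the log. Plain Ruby, no Rails.
require 'logger'
require 'stringio'

# Keys whose values must never be written to a log. Matching is
# case-insensitive and substring-based, so :password, "PASSWORD" and
# "password_confirmation" are all caught. Patterns are an assumption.
SENSITIVE_KEY_PATTERNS = [/passw/i, /secret/i, /token/i].freeze
MASK = '[FILTERED]'.freeze

# Returns a filtered copy of a params structure (Hash / Array / scalars),
# replacing the values of sensitive keys at any nesting depth. The input
# is never mutated, so the controller still sees the real password.
def filter_params(params, patterns = SENSITIVE_KEY_PATTERNS)
  case params
  when Hash
    params.each_with_object({}) do |(key, value), out|
      out[key] = if patterns.any? { |re| key.to_s =~ re }
                   MASK
                 else
                   filter_params(value, patterns)
                 end
    end
  when Array
    params.map { |v| filter_params(v, patterns) }
  else
    params
  end
end

# Emits the "Parameters: {...}" line the way a request logger would,
# but through the filter. Returns the rendered line for inspection.
def log_params(logger, params)
  line = "Parameters: #{filter_params(params).inspect}"
  logger.info(line)
  line
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample request params (not taken from the thread).
  sample = { 'controller' => 'sessions', 'action' => 'create',
             'user' => { 'login' => 'raph', 'password' => 'hunter2',
                         'password_confirmation' => 'hunter2' },
             'remember_me' => '1' }
  puts log_params(Logger.new($stdout), sample)
end
```

Filtering by key rather than by log level keeps the rest of the request trace (controller, action, timing, SQL) while guaranteeing the password value itself never lands on disk; later versions of Rails expose the same idea as `config.filter_parameters`. Two checks worth keeping in mind: the filter must recurse into nested hashes and arrays, because form params rarely sit at the top level, and it must copy rather than mutate, or the controller will receive `[FILTERED]` as the password.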
mat (Guest)
on 2005-11-20 23:12
(Received via mailing list)
+-Le 18/11/2005 15:48 +0100, Raphael Bauduin a dit :
| Hi,
|
| A question I might have asked already but I still don't have an answer:
|
| How can I prevent all my users' passwords from ending up in the log files?
| Rails logs all params, and that puts all passwords in the logs....

You could do something like digest-md5 or cram-md5 with the client side
in javascript. I did that some time ago for some company who did not want
root to be able to see the passwords travel anywhere :-)
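The client-side digest approach Mat describes, as an added example that is not part of the original post: a CRAM-MD5 style challenge/response (RFC 2195) in plain Ruby rather than browser JavaScript, showing the server's challenge generation and verification next to the client's response computation. The message layout, the function names, the username lookup and the sample credentials are assumptions for illustration; only the HMAC-MD5 step and the RFC's test vector are from the standard.

```ruby
# Added example (not from the thread): CRAM-MD5 style login so the
# password itself never travels over the wire or lands in a params log.
# Message layout and helper names are assumptions for illustration.
require 'openssl'
require 'securerandom'

# Server side: issue a fresh, unpredictable challenge per login attempt.
# Reusing a challenge would let a captured response be replayed.
def make_challenge(host = 'example.com')
  "<#{SecureRandom.hex(16)}.#{Time.now.to_i}@#{host}>"
end

# Client side: send "username hex(HMAC-MD5(key = password, msg = challenge))".
# This is the part the browser JavaScript would compute; the password
# stays on the client.
def cram_md5_response(username, password, challenge)
  digest = OpenSSL::HMAC.hexdigest('MD5', password, challenge)
  "#{username} #{digest}"
end

# Constant-time string comparison so the verifier does not leak how many
# leading bytes of the digest were correct.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Server side: recompute the digest from the stored secret and compare.
# Caveat: the server needs the plaintext password (or an equivalent
# HMAC-MD5 key context) to do this, so the scheme protects the password
# in transit and in request logs, not at rest in the database.
def verify_cram_md5(response, challenge, lookup_password)
  username, digest = response.to_s.split(' ', 2)
  return false if username.nil? || digest.nil?
  password = lookup_password.call(username)
  return false if password.nil?
  expected = OpenSSL::HMAC.hexdigest('MD5', password, challenge)
  secure_equal?(expected, digest)
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample exchange (credentials are not from the thread).
  users = { 'raph' => 'hunter2' }
  challenge = make_challenge
  response = cram_md5_response('raph', 'hunter2', challenge)
  puts "S: #{challenge}"
  puts "C: #{response}"
  puts "verified: #{verify_cram_md5(response, challenge, ->(u) { users[u] })}"
end
```

Note what this does and does not buy: the raw password never appears in the request, so it cannot be logged by a parameter dump, and a fresh challenge per attempt is what stops replay of a captured response. The trade-off is that the server must hold a reversible form of the password to recompute the HMAC, which is the opposite of the salted-and-hashed storage Forrest assumes above, and the response itself is still a one-time credential that should be filtered from logs while the challenge is live.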