Rails and security

mrdamien · October 16, 2008, 11:26am

Hi,

I am wondering if there is a way to secure rails application logs ?

My issue is that I discovered that form parameters are shown in clear in
the logs. So when users are authenticating, you see the login and
password in clear

Processing LoginController#index (for xxxxx at 2008-10-16 11:22:43)
[POST]
Session ID: 8cb95e2e50332added5715eff9e84938
Parameters:
{“authenticity_token”=>“f2ccf4bf93a1a334e5b3ed227eef84e12fafbbf6”,
“action”=>“index”, “controller”=>“login”, “password”=>“toto”,
“login”=>“r386528”}

Is there any way to hide this ?

mrdamien · October 16, 2008, 11:29am

Regards

MR Damien escribiÃ³:

Session ID: 8cb95e2e50332added5715eff9e84938
Parameters:
{“authenticity_token”=>“f2ccf4bf93a1a334e5b3ed227eef84e12fafbbf6”,
“action”=>“index”, “controller”=>“login”, “password”=>“toto”,
“login”=>“r386528”}

Is there any way to hide this ?

/**

dagi3d v4 - http://dagi3d.net
*/

mrdamien · October 18, 2008, 2:20pm

Borja MartÃn wrote:

Ruby on Rails — Filtered parameter logging

Regards

That worked, thanks !