Password mapping in production.log

Question

Password mapping in production.log

Using Rails 2.3.8.

I added this to my controller:

  filter_parameter_logging :password, :password_confirmation

But the password is still displayed in my production and development logs. Please inform.

Processing UserSessionsController#create (for 110.159.52.119 at 2011-03-11 18:25:50) [POST]
  Parameters: {"user_session"=>{"remember_me"=>"0", "password"=>"therealpassword", "login"=>"usernamehere"}, "action"=>"create", "authenticity_token"=>"kx96Yc9sF/dYbRL8UYni2tp+p/yz6CTHw+j/X6bqh/g=", "controller"=>"user_sessions"}
[paperclip] Saving attachments.
Redirected to http://abc.com/account
Completed in 2047ms (DB: 532) | 302 Found [http://abc.com/user_session]
** Erubis 2.6.6

Thank.

+5

ruby-on-rails

Victor Mar 12 '11 at 8:42

source share

2 answers

Link for others: filter_parameter_loggingDeprecated in Rails 3.

From the tutorial project :

PREVENTING LOGIN PASSWORD We do not want passwords to be written to our log file. In Rails 2 we would change the file

application / controllers / application_controller.rb

include:

filter_parameter_logging :password, :password_confirmation

In Rails 3, this is deprecated, and instead we modify the config / application.rb file to include:

config.filter_parameters += [:password, :password_confirmation]

, filter_parameters - . "

+3

Magne 19 . '11 19:45

thomasfedb · Accepted Answer · 2011-03-19T08:20:14+0000

Add filter_parameter_loggingin UserSessionsControllerand restart the application.

Password mapping in production.log

More articles: