#9
Mar 23, 2007

Filtering Sensitive Logs

Are you accepting sensitive user data such as passwords or credit card numbers? By default, Rails stores all submitted parameters in plain text in the logs. This episode will show you how to filter this sensitive input so it doesn't show up in the log file.
Tags: security
# controllers/application.rb
class ApplicationController < ActionController::Base
  filter_parameter_logging "password"
end
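
A plain-Ruby model of how a filter word is applied to submitted parameters, added here as an illustration (it is not code from the episode or from Rails). It assumes the word is matched case-insensitively anywhere in the parameter name; `build_filter`, `filter_params`, `logged_in_clear` and the sample parameters are constructed for this example.

```ruby
# Illustrative model of log parameter filtering, not Rails source.
# Assumption: a filter word matches anywhere in the key, ignoring case.
FILTERED = "[FILTERED]"

def build_filter(*words)
  Regexp.new(words.map { |w| Regexp.escape(w.to_s) }.join("|"), Regexp::IGNORECASE)
end

# Return a copy of params that is safe to write to the log.
def filter_params(params, pattern)
  params.each_with_object({}) do |(key, value), out|
    out[key] =
      if key.to_s =~ pattern
        FILTERED
      elsif value.is_a?(Hash)
        filter_params(value, pattern)   # nested params such as user[password]
      else
        value
      end
  end
end

# Names of leaf parameters that would still reach the log in plain text.
def logged_in_clear(params, pattern, prefix = nil)
  params.flat_map do |key, value|
    name = prefix ? "#{prefix}[#{key}]" : key.to_s
    next [] if key.to_s =~ pattern
    value.is_a?(Hash) ? logged_in_clear(value, pattern, name) : [name]
  end
end

# Constructed sample request parameters.
SAMPLE = {
  "user" => {
    "login" => "alice",
    "password" => "s3cret",
    "password_confirmation" => "s3cret",
    "Old_Password" => "hunter2"
  },
  "card_number" => "4111111111111111",
  "commit" => "Sign up"
}

if __FILE__ == $0
  pattern = build_filter("password")
  p filter_params(SAMPLE, pattern)
  p logged_in_clear(SAMPLE, pattern)  # review this list for sensitive names
end
```

With only "password" as the filter word, the confirmation field is covered by the same match, while `card_number` is still written in plain text until its own word is added.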


1. Heiko Webers Apr 23, 2007 at 01:11

Thanks, I put it on the Rails Security Project: http://www.rorsecurity.info/


2. gad May 12, 2007 at 14:43

good tip


3. chineseGuy May 12, 2007 at 21:43

filter_parameter_logging "password"
good tip


4. Rob Nov 13, 2007 at 06:59

Great stuff. Am interested to know what the prompt is for rails also [FILTERING] out the password confirmation field? Is this parameter key a regex?

It's suggested here that you need to have both :password and :password_confirmation in the filter_parameter_logging call -

http://wiki.rubyonrails.org/rails/pages/HowtoAuthenticate


5. tayfun Jan 16, 2008 at 06:45

I think Rails filters the confirmation field automatically if you filter the password field. So you don't need to explicitly say so.


6. Aditya Sanghi Jun 08, 2008 at 14:03

Is there a way to get the exception_notifier plugin to use the filter_parameter_logging directive?

Anyone played with exception_notifier and parameter logging?


7. troelskn Nov 14, 2008 at 12:31

It would be nice to have an explanation of how Rails knows to filter password_confirmation.


8. indirmeden izle Aug 07, 2009 at 15:20

Very good cast and good solution. I am sure that many developers forget about data in logs


9. tyoc Aug 31, 2009 at 07:59

I think it filters both because it matches the start of the strings, though I haven't tested it myself.

I mean, if there is a filter for password and you have password_field1, password_field2, password_field3, it will [FILTER] those 3.


13. mani Dec 15, 2009 at 23:28

But these parameters are not filtered if some exception occurs.

How do I filter parameters from the exception log as well?


19. Sid Jul 29, 2010 at 12:19

This doesn't seem to work for things that go through delayed jobs. Any ideas on how to fix this?

