Thanks, I put it on the Rails Security Project: http://www.rorsecurity.info/
Great stuff. I am interested to know what the prompt is for Rails also [FILTERING] out the password confirmation field? Is this parameter key a regex?
It's suggested here that you need to have both :password and :password_confirmation in the filter_parameter_logging call -
http://wiki.rubyonrails.org/rails/pages/HowtoAuthenticate
I think Rails filters the confirmation field automatically if you filter the password field. So you don't need to explicitly say so.
Is there a way to get the exception_notifier plugin to use the filter_parameter_logging directive?
Anyone played with exception_notifier and parameter logging?
It would be nice to have an explanation of how Rails knows to filter password_confirmation.
Very good cast and good solution. I am sure that many developers forget about data in logs.
I think it filters both because it matches the start of the strings, though I haven't tested it myself.
I mean, if there is a filter for password and you have password_field1, password_field2, password_field3, it will [FILTER] those 3.
But these parameters are not filtered if some exception occurs.
How do I filter parameters from the exception log as well?
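
Added example, not part of the comment thread and not Rails source code: a stand-alone Ruby model of the key matching the comments ask about, assuming the filter words are joined into one case-insensitive regex that is matched anywhere in the parameter name. The names `build_filter` and `filter_params` and the sample parameters are constructed for illustration.

```ruby
# Simplified model of key-based parameter filtering (illustrative, not Rails code).
FILTERED = '[FILTERED]'

# Build one case-insensitive regex from the filter words, e.g. [:password].
# Words are escaped here so each is treated as a literal substring (a choice
# made for this model).
def build_filter(*words)
  Regexp.new(words.map { |w| Regexp.escape(w.to_s) }.join('|'), Regexp::IGNORECASE)
end

# Return a filtered copy of params: any value whose key matches is masked,
# nested hashes (and hashes inside arrays) are walked recursively.
def filter_params(params, filter)
  params.each_with_object({}) do |(key, value), out|
    out[key] =
      if key.to_s =~ filter
        FILTERED
      elsif value.is_a?(Hash)
        filter_params(value, filter)
      elsif value.is_a?(Array)
        value.map { |v| v.is_a?(Hash) ? filter_params(v, filter) : v }
      else
        value
      end
  end
end

# Constructed sample request parameters.
SAMPLE = {
  'user' => {
    'login' => 'alice',
    'password' => 's3cret',
    'password_confirmation' => 's3cret',
    'old_password' => 'hunter2'   # match is not anchored to the start of the key
  },
  'commit' => 'Sign up'
}

def demo
  filter_params(SAMPLE, build_filter(:password))
end

puts demo.inspect if __FILE__ == $PROGRAM_NAME
```

Because the function returns a copy, the same filter can be applied to a parameter hash before it is written anywhere other than the request log, such as an exception report.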







