Rails Filter Parameter Logging

May 31, 2007 Alex Chaffee

Q: How do you keep passwords from appearing in plain text in your Rails log file?

A: Filter Parameter Logging

filter_parameter_logging
=> Does nothing, just slows the logging process down

filter_parameter_logging :password
=> replaces the value of every key matching /password/i with "[FILTERED]"

filter_parameter_logging :foo, "bar"
=> replaces the value of every key matching /foo|bar/i with "[FILTERED]"

filter_parameter_logging { |k,v| v.reverse! if k =~ /secret/i }
=> reverses the value of every key matching /secret/i

filter_parameter_logging(:foo, "bar") { |k,v| v.reverse! if k =~ /secret/i }
=> reverses the value of every key matching /secret/i, and
   replaces the value of every key matching /foo|bar/i with "[FILTERED]"

(Note that :password matches password_confirm too.)
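
The matching rules above, modelled in plain Ruby so they can be run without Rails. This is an added example, not code from the original post or from Rails; build_log_filter, loggable and SAMPLE_PARAMS are hypothetical names, and walking nested hashes and copying values before the block runs are assumptions of this model.

```ruby
# Plain-Ruby model of the rules listed above; not Rails source.
# build_log_filter and SAMPLE_PARAMS are hypothetical names for this example.
def build_log_filter(*names, &block)
  # Names are joined into one case-insensitive regex, e.g. /foo|bar/i.
  pattern = names.empty? ? nil : Regexp.new(names.map(&:to_s).join("|"), Regexp::IGNORECASE)

  filter = lambda do |params|
    params.each_with_object({}) do |(key, value), out|
      if pattern && key.to_s =~ pattern
        out[key] = "[FILTERED]"          # whole value replaced
      elsif value.is_a?(Hash)
        out[key] = filter.call(value)    # assumption: nested params are walked too
      elsif block
        copy = value.is_a?(String) ? value.dup : value  # keep the live params intact
        block.call(key.to_s, copy)
        out[key] = copy
      else
        out[key] = value
      end
    end
  end
end

# Constructed request parameters.
SAMPLE_PARAMS = {
  "login"            => "alex",
  "Password"         => "hunter2",
  "password_confirm" => "hunter2",
  "passwd"           => "hunter2",   # not matched by :password, so it is logged as-is
  "secret_answer"    => "rex",
  "user"             => { "password" => "s3cret", "email" => "a@example.com" }
}

FILTER = build_log_filter(:password) { |k, v| v.reverse! if k =~ /secret/i }

def loggable(params)
  FILTER.call(params)
end

puts loggable(SAMPLE_PARAMS).inspect if __FILE__ == $0
```

The "passwd" entry shows the other side of the substring match: only the names you list are filtered, so every sensitive field name used by the application has to be covered.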
