Saturday, 15 August 2015

ruby on rails - Lograge log my passwords -



ruby on rails - Lograge log my passwords -

i'm using lograge , don't know why lograge log passwords in plain text. when utilize rails logging, fields named password filtered out , replaced :password=>\"[filtered]\"

in application.rb have folloving config:

#rails logging config.filter_parameters += [:password, :verification] #lograge loging config.lograge.enabled = true config.lograge.custom_options = lambda { |event| { params: event.payload[:params] } }

here set sample log wrote lograge can see password:

method=post path=/user_sessions format=html controller= action= status=302 duration=994.36 db=561.11 location=http://site.dev/?logged=1 params={"utf8"=>"✓", "authenticity_token"=>"hoh2d6eg3ykbpmspf0edknhgqer/otcgpplaghkgsjq=", "user_session"=>{"login"=>"loggg", "password"=>"pass", "remember_me"=>"0"}}

thanks answers.

edit:

ok solved problem. application_controller added:

def append_info_to_payload(payload) super payload[:params] = request.filtered_parameters end

ruby-on-rails ruby logging

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)