Password filtering does not work
27 views
Skip to first unread message
Ronald Fischer
Sep 2, 2014, 8:27:46 AM9/2/14
to rubyonra...@googlegroups.com
In my Rails 4 application, when I have a form including a password, i.e.
<%= password_field_tag 'admpwd', nil, size:32, maxlength: 32, class:
'admentry' %>
I don't like the fact that the password is shown plain text in the log
file, and would like to disable this. I found several suggestions to
place the call
filter_parameter_logging "password"
into application.rb, but when I do it, I get the error message
undefined method `filter_parameter_logging' for
Tamsin::Application:Class
How can I do this correctly?
--
Posted via http://www.ruby-forum.com/.
<%= password_field_tag 'admpwd', nil, size:32, maxlength: 32, class:
'admentry' %>
I don't like the fact that the password is shown plain text in the log
file, and would like to disable this. I found several suggestions to
place the call
filter_parameter_logging "password"
into application.rb, but when I do it, I get the error message
undefined method `filter_parameter_logging' for
Tamsin::Application:Class
How can I do this correctly?
--
Posted via http://www.ruby-forum.com/.
Hassan Schroeder
Sep 2, 2014, 10:34:38 AM9/2/14
to rubyonrails-talk
On Tue, Sep 2, 2014 at 5:26 AM, Ronald Fischer <li...@ruby-forum.com> wrote:
> In my Rails 4 application, when I have a form including a password, i.e.
> In my Rails 4 application, when I have a form including a password, i.e.
> I don't like the fact that the password is shown plain text in the log
> file, and would like to disable this.
> file, and would like to disable this.
> How can I do this correctly?
Hint: look at your initializers.
--
Hassan Schroeder ------------------------ hassan.s...@gmail.com
http://about.me/hassanschroeder
twitter: @hassan
Ronald Fischer
Sep 3, 2014, 5:20:39 AM9/3/14
to rubyonra...@googlegroups.com
Hassan Schroeder wrote in post #1156593:
Just for the record:
The default content of
config/initializers/filter_parameter_logging.rb
(which was probably generated automatically with my rails application)
is
Rails.application.config.filter_parameters += [:password]
Since my password field is named differently, I had to add it to this
list:
Rails.application.config.filter_parameters += [:password,:admpwd]
> On Tue, Sep 2, 2014 at 5:26 AM, Ronald Fischer <li...@ruby-forum.com>
> wrote:
>> In my Rails 4 application, when I have a form including a password, i.e.
>
>> I don't like the fact that the password is shown plain text in the log
>> file, and would like to disable this.
>
>> How can I do this correctly?
>
> Hint: look at your initializers.
Thanks, that was it!
> wrote:
>> In my Rails 4 application, when I have a form including a password, i.e.
>
>> I don't like the fact that the password is shown plain text in the log
>> file, and would like to disable this.
>
>> How can I do this correctly?
>
> Hint: look at your initializers.
Just for the record:
The default content of
config/initializers/filter_parameter_logging.rb
(which was probably generated automatically with my rails application)
is
Rails.application.config.filter_parameters += [:password]
Since my password field is named differently, I had to add it to this
list:
Rails.application.config.filter_parameters += [:password,:admpwd]
Reply all
Reply to author
Forward
0 new messages