Thanks matt. It worked for most of the cases, however, one of my apps
shows the log like this:
merb : worker (port 4042) ~ Routed to: {"action"=>"create_users",
"controller"=>"users", "id" => "test", "password" => "111111"}
merb : worker (port 4042) ~ Params: {"action"=>"create_users",
"controller"=>"users", "id" => "test", "password" => "[FILTERED]"}
I used the password filter like:
log_params_filtered :password
The password was filtered on the Params line but still shown in the
Routed to line.
Have anybody seen this and had a solution? Thanks.
On Jan 14, 2:10 pm, mattalbright <[email protected]> wrote:
> gem install merb-param-protection
>
> http://www.merbivore.com/documentation/1.0/doc/rdoc/merb-param-protec...
>
> matt
>
> On Jan 14, 1:17 pm, NY <[email protected]> wrote:
>
> > For example, for a password field on the web page, I want the value of
> > the param to be passed to the controller by using params[:password] in
> > the controller, but I don't want this to show up in the log output
> > like:
>
> > Params: {"format"=>nil, "action"=>"show", "id"=>"foo",
> > "controller"=>"users", "password" => "123456"}
>
> > Is there an easy way to mask or remove the "password" param from the
> > log output and still be able to use it in the controller?
>
> > Thanks.
--
You received this message because you are subscribed to the Google Groups
"merb" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to [email protected].
For more options, visit this group at http://groups.google.com/group/merb?hl=en.
