On Mon, Feb 23, 2009 at 10:38 AM, Fernando Perez < [email protected]> wrote:
> > Hi, > > I just noticed that when users register or login to my website (I use > restful_auth), their password gets printed out in the production.log > file. How can I prevent that? I consider this a major security issue. > > SSL is used to prevent eavesdropping and passwords are stored encrypted > in DB by the way, but I never thought about log files. In you application.rb file use filter_parameter_logging "password" HTH Charles --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
