Fernando, filter_parameter_logging is your friend.
* http://robbyonrails.com/articles/2007/07/16/rails-code-audit-tips-filtered-parameter-logging Cheers, Robby On Mon, Feb 23, 2009 at 8:38 AM, Fernando Perez <[email protected]> wrote: > > Hi, > > I just noticed that when users register or login to my website (I use > restful_auth), their password gets printed out in the production.log > file. How can I prevent that? I consider this a major security issue. > > SSL is used to prevent eavesdropping and passwords are stored encrypted > in DB by the way, but I never thought about log files. > -- > Posted via http://www.ruby-forum.com/. > > > > -- Robby Russell Chief Evangelist, Partner PLANET ARGON, LLC design // development // hosting w/Ruby on Rails http://planetargon.com/ http://robbyonrails.com/ http://twitter.com/planetargon aim: planetargon +1 503 445 2457 +1 877 55 ARGON [toll free] +1 815 642 4068 [fax] --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
