in application.rb, insert: filter_parameter_logging "password" On Mon, Feb 23, 2009 at 11:38 AM, Fernando Perez < [email protected]> wrote:
> > Hi, > > I just noticed that when users register or login to my website (I use > restful_auth), their password gets printed out in the production.log > file. How can I prevent that? I consider this a major security issue. > > SSL is used to prevent eavesdropping and passwords are stored encrypted > in DB by the way, but I never thought about log files. > -- > Posted via http://www.ruby-forum.com/. > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
