Filtering Sensitive Logs
Are you accepting sensitive user data? Passwords, credit card numbers, etc. By default, Rails stores all submitted parameters in plain text in the logs. This episode will show you how to filter this sensitive input so it doesn't show up in the log file.
For example, on a registration page, if you submit a username and password and the submission succeeds, the log will contain data like this:
...
parameters: {"user"=>"Ryan", "password confirmation"=>"abc123", "password"=>"abc123"}, "commit"=>"Register", :action=>"create", "controller"=>"users"
...
Solution:
Add the following line to the ApplicationController class in controllers/application.rb:
filter_parameter_logging "password"
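How this filter behaves, as an added Ruby example (a stand-alone model, not Rails source code and not part of the original post): filter words are matched case-insensitively against parameter names, so the single word "password" also hides password_confirmation. The helper names and the nested sample hash are assumptions constructed for illustration; the log line is the one shown above.

```ruby
# Added illustration, not Rails source code: a stand-alone model of the
# key-based filtering that filter_parameter_logging "password" performs.
FILTERED = "[FILTERED]".freeze

# One case-insensitive pattern from the filter words (treated here as literal
# substrings): a parameter is sensitive if a word occurs anywhere in its name.
def build_pattern(*words)
  Regexp.new(words.map { |w| Regexp.escape(w.to_s) }.join("|"), Regexp::IGNORECASE)
end

# Return a filtered copy for logging; the original params are left untouched.
def filter_params(params, pattern)
  params.each_with_object({}) do |(key, value), out|
    out[key] =
      if key.to_s =~ pattern
        FILTERED                          # matching name: hide the whole value
      elsif value.is_a?(Hash)
        filter_params(value, pattern)     # recurse into nested params
      else
        value
      end
  end
end

# Audit helper: names of sensitive parameters still readable in a log line.
def leaked_keys(line, pattern)
  line.scan(/"([^"]+)"\s*=>\s*"([^"]*)"/)
      .select { |key, value| key =~ pattern && value != FILTERED }
      .map(&:first)
end

# Log line as shown on this page (unfiltered).
PAGE_LOG_LINE = 'parameters: {"user"=>"Ryan", "password confirmation"=>"abc123", ' \
                '"password"=>"abc123"}, "commit"=>"Register", :action=>"create", "controller"=>"users"'

# Constructed sample: a nested params hash like a registration form submits.
SAMPLE_PARAMS = {
  "user" => { "name" => "Ryan", "password" => "abc123",
              "password_confirmation" => "abc123" },
  "commit" => "Register", "action" => "create", "controller" => "users"
}.freeze

PATTERN = build_pattern("password")
puts "leaked before: #{leaked_keys(PAGE_LOG_LINE, PATTERN).inspect}"
puts "logged after:  #{filter_params(SAMPLE_PARAMS, PATTERN).inspect}"
```

Rails 3 and later configure the same filtering with `config.filter_parameters += [:password]` in the application configuration.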