Using Rails 2.3.8.
I have added this in my controller:
filter_parameter_logging :password, :password_confirmation
But password is still showing in my production and development logs. Please advise.
Processing UserSessionsController#create (for 110.159.52.119 at 2011-03-11 18:25:50) [POST]
Parameters: {"user_session"=>{"remember_me"=>"0", "password"=>"therealpassword", "login"=>"usernamehere"}, "action"=>"create", "authenticity_token"=>"kx96Yc9sF/dYbRL8UYni2tp+p/yz6CTHw+j/X6bqh/g=", "controller"=>"user_sessions"}
[paperclip] Saving attachments.
Redirected to http://abc.com/account
Completed in 2047ms (DB: 532) | 302 Found [http://abc.com/us开发者_开发百科er_session]
** Erubis 2.6.6
Thanks.
For others' reference: filter_parameter_logging is deprecated in Rails 3.
From the Devise tutorial:
" PREVENT LOGGING OF PASSWORDS We don’t want passwords written to our log file. In Rails 2, we would change the file
app/controllers/application_controller.rb
to include:
filter_parameter_logging :password, :password_confirmation
In Rails 3, this is deprecated and instead we modify the file config/application.rb to include:
config.filter_parameters += [:password, :password_confirmation]
Note that filter_parameters is an array. "
Add filter_parameter_logging to the UserSessionsController and restart you app.
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论