Log files can end up exposed to far more people than you intend, such as anyone with access to your archive disk or to your bug tracker, which often contains many log attachments.
Anyone with access to these log files can read whatever was written to them, so sensitive information such as credit card numbers, passwords and other private data can leak this way. It is always good practice to keep such data out of your log files.
To do so, update the filter_parameter_logging.rb initializer. For example:
# Filter any parameter key named "password"
Rails.application.config.filter_parameters += [:password]

# Filter any parameter key named "code"
Rails.application.config.filter_parameters += ['code']

# Filter a parameter key "code" that is nested under "credit_card"
Rails.application.config.filter_parameters += ['credit_card.code']

Now the value appears as "[FILTERED]" in your log files.
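To see what those three filters actually catch, here is an added example (not code from the original post or from Rails itself): a small plain-Ruby re-implementation of the documented filter semantics, applied to a constructed params hash. It assumes, as Rails documents, that plain names are matched case-insensitively as substrings of the key and that a name containing "." is matched against the full nested path.

```ruby
# Demo re-implementation of Rails-style parameter filtering (added example,
# not ActiveSupport::ParameterFilter). Plain names match the key as a
# case-insensitive substring; names containing "." match the nested path.
class DemoParameterFilter
  FILTERED = "[FILTERED]".freeze

  def initialize(filters)
    names = filters.map(&:to_s)
    deep, flat = names.partition { |n| n.include?(".") }
    @key_re  = flat.empty? ? nil : Regexp.new(flat.map { |n| Regexp.escape(n) }.join("|"), Regexp::IGNORECASE)
    @path_re = deep.empty? ? nil : Regexp.new(deep.map { |n| Regexp.escape(n) }.join("|"), Regexp::IGNORECASE)
  end

  # Returns a filtered copy; the original params hash is left untouched.
  def filter(params, parent = nil)
    params.each_with_object({}) do |(key, value), out|
      key  = key.to_s
      path = parent ? "#{parent}.#{key}" : key
      out[key] =
        if (@key_re && key.match?(@key_re)) || (@path_re && path.match?(@path_re))
          FILTERED
        elsif value.is_a?(Hash)
          filter(value, path)
        elsif value.is_a?(Array)
          value.map { |v| v.is_a?(Hash) ? filter(v, path) : v }
        else
          value
        end
    end
  end
end

# The three filters from the initializer above.
FILTERS = [:password, "code", "credit_card.code"].freeze

# Constructed sample request params (not captured from a real request).
SAMPLE_PARAMS = {
  "email"       => "alice@example.com",
  "password"    => "hunter2",
  "passcode"    => "1234",                       # caught by the substring match on "code"
  "credit_card" => { "number" => "4111111111111111", "code" => "123" },
  "order"       => { "code" => "SUMMER20" },     # any nested "code" is caught too
}.freeze

def filtered_sample
  DemoParameterFilter.new(FILTERS).filter(SAMPLE_PARAMS)
end

if __FILE__ == $PROGRAM_NAME
  filtered_sample.each { |k, v| puts "#{k}: #{v.inspect}" }
end
```

Note that with only these three filters the card number itself (credit_card.number) still reaches the log unfiltered, so in practice the number key needs its own filter entry.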
You might object that this data is sometimes needed for debugging, for example to know whether a credit card number starts with 4 or 5. In that case, it is better to take a reference id from the log (such as a transaction id or model id) and look up only that specific record in the database. That is safer than writing everything to the log files.