Censoring data in rails log files

Log files potentially can be exposed to a lot more people than you intend to. Such as someone who has access to your archive disk or someone who has access to your bug repository which contains a lot of log attachments.

By having access to these log files, sensitive information such as credit card number, password, and other private information could be leaked. It is always a good practice to not log these data into your log files.

To do so, update the filter_parameter_logging.rb initializer. For example:

# Filter any hash called "password"
Rails.application.config.filter_parameters += [:password]
# Filter any hash called "code"
Rails.application.config.filter_parameters += ['code']
# Filter any hash called "code" which is a child of "credit_card".
Rails.application.config.filter_parameters += ['credit_card.code'] 

Now you will see the value appears as "[FILTERED]" in your log files.

You might claim that sometimes these data are important for debugging. For example, you want to know a credit card number starts with 4 or 5. In this case, it is better to get the reference id from the log (such as transaction id or model id) and extract only a specific record from the database. It is safer than logging everything into the log files.


AI Summary
Chrome On-device AI 2024-07-20 05:58:04

Share Article