aboutsummaryrefslogtreecommitdiffstats
path: root/actioncable
diff options
context:
space:
mode:
authorZhang Kang <piecehealth@sina.com>2018-09-07 09:46:54 +0800
committerZhang Kang <piecehealth@sina.com>2018-09-07 09:52:13 +0800
commit180dcd1bfa801ad132343c64245db606bd85ed96 (patch)
treee96e757058b3c088342e8c0681b87b9cde4ac1c3 /actioncable
parent736edb982856f0de04d4566f657c0c84f145e7ef (diff)
downloadrails-180dcd1bfa801ad132343c64245db606bd85ed96.tar.gz
rails-180dcd1bfa801ad132343c64245db606bd85ed96.tar.bz2
rails-180dcd1bfa801ad132343c64245db606bd85ed96.zip
Configuration item `config.filter_parameters` could also filter out sensitive value of database column when call `#inspect`
* Why Some sensitive data will be exposed in log accidentally by calling `#inspect`, e.g. ```ruby @account = Account.find params[:id] payload = { account: @account } logger.info "payload will be #{ payload }" ``` All the information of `@account` will be exposed in log. * Solution Add a class attribute filter_attributes to specify which values of columns shouldn't be exposed. This attribute equals to `Rails.application.config.filter_parameters` by default. ```ruby Rails.application.config.filter_parameters += [:credit_card_number] Account.last.insepct # => #<Account id: 123, credit_card_number: [FILTERED] ...> ```
Diffstat (limited to 'actioncable')
0 files changed, 0 insertions, 0 deletions