diff options
author | Zhang Kang <piecehealth@sina.com> | 2018-09-07 09:46:54 +0800 |
---|---|---|
committer | Zhang Kang <piecehealth@sina.com> | 2018-09-07 09:52:13 +0800 |
commit | 180dcd1bfa801ad132343c64245db606bd85ed96 (patch) | |
tree | e96e757058b3c088342e8c0681b87b9cde4ac1c3 /activerecord/CHANGELOG.md | |
parent | 736edb982856f0de04d4566f657c0c84f145e7ef (diff) | |
download | rails-180dcd1bfa801ad132343c64245db606bd85ed96.tar.gz rails-180dcd1bfa801ad132343c64245db606bd85ed96.tar.bz2 rails-180dcd1bfa801ad132343c64245db606bd85ed96.zip |
Configuration item `config.filter_parameters` could also filter out sensitive value of database column when call `#inspect`
* Why
Some sensitive data will be exposed in log accidentally by calling `#inspect`, e.g.
```ruby
@account = Account.find params[:id]
payload = { account: @account }
logger.info "payload will be #{ payload }"
```
All the information of `@account` will be exposed in log.
* Solution
Add a class attribute filter_attributes to specify which values of columns shouldn't be exposed.
This attribute equals to `Rails.application.config.filter_parameters` by default.
```ruby
Rails.application.config.filter_parameters += [:credit_card_number]
Account.last.insepct # => #<Account id: 123, credit_card_number: [FILTERED] ...>
```
Diffstat (limited to 'activerecord/CHANGELOG.md')
-rw-r--r-- | activerecord/CHANGELOG.md | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/activerecord/CHANGELOG.md b/activerecord/CHANGELOG.md index a0ab0d30bc..09af076aa8 100644 --- a/activerecord/CHANGELOG.md +++ b/activerecord/CHANGELOG.md @@ -1,3 +1,12 @@ +* Configuration item `config.filter_parameters` could also filter out sensitive value of database column when call `#inspect`. + + ``` + Rails.application.config.filter_parameters += [:credit_card_number] + Account.last.insepct # => #<Account id: 123, credit_card_number: [FILTERED] ...> + ``` + + *Zhang Kang* + * Deprecate `column_name_length`, `table_name_length`, `columns_per_table`, `indexes_per_table`, `columns_per_multicolumn_index`, `sql_query_length`, and `joins_per_query` methods in `DatabaseLimits`. |