Parameter filtering
Rails keeps a log file for each environment (development, test and production) in the "log" folder. These are extremely useful when debugging what's actually going on in your application, but in a live application you may not want every bit of information to be stored in the log file. The filter_parameter_logging method can be used to filter out sensitive information from the log. It works by replacing certain values in the `params` hash with "[FILTERED]" as they are written to the log. As an example, let's see how to filter all parameters with keys that include "password" :
class ApplicationController < ActionController::Base
filter_parameter_logging :password
end
The method works recursively through all levels of the params hash and takes an optional second parameter which is used as the replacement string if present. It can also take a block which receives each key in return and replaces those for which the block returns true.
Articles in this guide
- Introduction
- What does a controller do?
- Parameters
- Sessions
- Cookies
- Filters
- Verification
- The request and response objects
- HTTP Basic Authentication
- Streaming and file downloads
- Parameter filtering (This article)
- Rescue
Thanks to the Ruby on Rails documentation team
This guide was written by Tore Darrell as part of the Ruby on Rails Documentation Project and is provided freely under a Creative Commons licence
