8.3. Silencing Logs
In the last chapter, we looked at how Rails log files are invaluable for debugging. The downside is that they can also be a security problem. Consider that for every incoming request, all of the request parameters are logged (in other words, written unencrypted to a plain text file on the system) despite any authentication or encryption that may be used. For most requests, it's no big deal, but for other requests (e.g., submitting a credit card transaction) it's a critical problem.
In the previous section we discussed hashing passwords before storing them in the database, so that an intruder (or inside man) wouldn't have access to users' passwords, even if he has access to the database. But if every request's parameters are added to production.log, then the effort of hashing does no good.
Parameter logging is even more serious when accepting payments online. Payment processors generally have strict rules regarding what data can be stored at all. If an audit reveals that your logs contain Card Validation Value (CVV) information (the three- or four-digit security codes on credit cards), they may stop accepting payments altogether.
To suppress request parameters from the log, use the class method filter_parameter_logging in the controller. It takes any number of arguments specifying parameter keys that you want to be excluded from the logs. For example:
    class OrdersController < ApplicationController
      filter_parameter_logging :cc_number, :cvv, :cc_date
      # ...
    end
With that in place, any time a parameter with one of those names is submitted, the actual submitted values won't be logged; they'll be replaced by the text [FILTERED].
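To see what ends up in the log, here is a stand-alone Ruby sketch of the filtering step. It is an added example, not code from the book or from Rails. Its matching rule (case-insensitive substring match on the key, recursing into nested hashes and arrays) is this sketch's own choice, the :password key is an assumption added to cover the password case discussed earlier, and all sample values are constructed.

```ruby
# Added sketch: a stand-alone model of parameter filtering, not Rails' source.
FILTERED = '[FILTERED]'

# Build one case-insensitive pattern from the sensitive key names.
def build_filter(*keys)
  Regexp.new(keys.map { |k| Regexp.escape(k.to_s) }.join('|'), Regexp::IGNORECASE)
end

# Return a copy of params that is safe to log; the input is left untouched.
def filter_params(params, pattern)
  params.each_with_object({}) do |(key, value), out|
    out[key] =
      if key.to_s =~ pattern
        FILTERED                          # hide the value, keep the key visible
      elsif value.is_a?(Hash)
        filter_params(value, pattern)     # nested form fields, e.g. order[cvv]
      elsif value.is_a?(Array)
        value.map { |v| v.is_a?(Hash) ? filter_params(v, pattern) : v }
      else
        value
      end
  end
end

# Constructed sample request parameters (test card number, not real data).
SAMPLE_PARAMS = {
  'action' => 'create',
  'order' => {
    'email' => 'buyer@example.com',
    'cc_number' => '4111111111111111',
    'cvv' => '123',
    'cc_date' => '12/30',
    'items' => [{ 'sku' => 'A-1', 'qty' => '2' }]
  },
  'user' => { 'password' => 's3cret', 'password_confirmation' => 's3cret' }
}

# The book's three keys plus :password (assumption, see lead-in).
PATTERN = build_filter(:cc_number, :cvv, :cc_date, :password)

# Format the line that would be written to the log.
def log_line(params, pattern)
  "Parameters: #{filter_params(params, pattern).inspect}"
end

puts log_line(SAMPLE_PARAMS, PATTERN) if __FILE__ == $PROGRAM_NAME
```

Because the sketch matches on substrings, 'password_confirmation' is filtered along with 'password'; the same property would also hide any unrelated parameter whose name happens to contain a filtered word.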