[Catalyst-dev] log filtering

Cory Bennett catalyst at corybennett.org
Fri Jan 27 18:50:04 CET 2006 

Hello!  I have recently started using Catalyst and I ran into a problem where 
I want to supress part of a log statmement.  My site has a login page and so 
when somone tries to login I see something like this in the logs:

[Fri Jan 27 02:16:00 2006] [catalyst] [debug] Body Parameters are:
.----------------------------+--------------------------.
| Key                        | Value                    |
+----------------------------+--------------------------+
| password                   | foobar                   |
| username                   | joeuser                  |
'----------------------------+--------------------------'

I am trying to figure out the best way to supress the password from being 
logged, but still arrange so my controller has access to the raw password.

In the top-level auto routine, I tried replacing $c->log(My::Logger->new()) 
where My::Logger was a sub class of Catalyst::Log.  But when I did that 
somehow magically the Body Parameters are not longer logged at all (ie debug 
does not seem to be called after I replace $c->log).  I also tried 
subclassing Catalyst::Log::Log4perl with similar results.  So there is 
obviously something I am missing in how this is supposed to work.

The current hack solution I came up with is to replace the Engine with my own.  
In my Engine, I subclass Catalyst::Engine::HTTP and just override 
prepare_body_parameters.  That routine seems to be called between my 
controller getting called and the "Body Parameters" getting logged, so my 
solution was to just overwrite the data within prepare_body_parameters.  So 
basically in the routine I do:
alias my $pw = $c->req->{_body}->{param}->{password};
$pw =~ s/./X/g if $pw;

So now I see something like this:
[Fri Jan 27 02:16:00 2006] [catalyst] [debug] Body Parameters are:
.----------------------------+--------------------------.
| Key                        | Value                    |
+----------------------------+--------------------------+
| password                   | XXXXXX                   |
| username                   | joeuser                  |
'----------------------------+--------------------------'

This works but it is just too much voodoo for me now, so I assume there is a 
better way? Any advice?

Thanks!
-Cory

More information about the Catalyst-dev mailing list