[Catalyst-dev] log filtering

Bruce Keeler bruce at drangle.com
Thu Sep 4 19:26:11 BST 2008


I'd go one step further, and have that code just automatically redact 
the values of any parameters matching something like /^pass(w(or)?d)?$/i 
by default.  Logging passwords is just plain bad, there's almost never 
any valid reason to do it.

I like to leave debug logging on even for production systems.  Disk 
space isn't an issue, and it's extremely useful to be able to figure out 
exactly what a user was doing when they report a bug.

Georg Oechsler wrote:
> Hi,
>
> I need to filter the log output of an intranet app, because it 
> authenticates users against our LDAP server and it is not desired to 
> have the LDAP passwords of my colleagues in the logs - even if 
> debugging is on for only a few minutes to track down a problem.
>
> I found this topic was on the list a few years ago:
> http://lists.scsys.co.uk/pipermail/catalyst-dev/2006-January/000077.html
>
> The proposed solution was to suppress output with $c->log->abort(1).
> Unfortunately this also suppresses the username, which makes searching 
> logs quite painful.
>
> So I started to hack a solution for this problem. First I overrode 
> prepare_body() in MyApp.pm which works fine as long as nobody touches 
> it in Catalyst.pm. Then I tried to write a plugin, but it's the same 
> problem - I have to touch the plugin every time the logic of 
> prepare_body() changes.
>
> Finally I encapsulated part of the code which writes the debug 
> information to the function debug_parameters().
> In Catalyst.pm it does what it did before, in MyApp.pm it prints out 
> whatever I like - especially no passwords.
>
> I attached a patch against Catalyst.pm Version 5.7014.
>
> What do you think of this?
>
> Georg

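The default redaction suggested in the message above, as an added Perl example that is not part of the thread or of Catalyst's own code: `redact_params` is a hypothetical helper and all parameter names and values are constructed. It also shows that the anchored pattern leaves names such as `password_confirm` and `ldap_password` in the log, so the second call passes a broader, unanchored pattern.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Pattern quoted in the message: matches pass, passwd, password (any case),
# but only when that is the whole parameter name.
my $SENSITIVE = qr/^pass(w(or)?d)?$/i;

# redact_params (hypothetical helper, not a Catalyst API): returns a copy of
# a parameter hash that is safe to log. Values may be scalars or array refs
# (repeated form fields); every value under a matching name is replaced.
sub redact_params {
    my ($params, $pattern) = @_;
    $pattern ||= $SENSITIVE;
    my %safe;
    for my $name (keys %$params) {
        my $value    = $params->{$name};
        my $is_array = ref($value) eq 'ARRAY';
        if ($name =~ $pattern) {
            $safe{$name} = $is_array ? [ ('[REDACTED]') x @$value ] : '[REDACTED]';
        }
        else {
            # Copy array refs so the caller's data is never aliased or altered.
            $safe{$name} = $is_array ? [@$value] : $value;
        }
    }
    return \%safe;
}

# Constructed sample input: a login form post with LDAP credentials.
my %params = (
    username         => 'jdoe',
    password         => 'constructed-secret',
    Passwd           => [ 'constructed-a', 'constructed-b' ],
    password_confirm => 'constructed-secret',
    ldap_password    => 'constructed-secret',
);

# First pass: the anchored default. Second pass: a broader pattern
# (an assumption of this example) that also catches prefixed/suffixed names.
for my $pattern ($SENSITIVE, qr/pass(w(or)?d)?/i) {
    my $safe = redact_params(\%params, $pattern);
    print "pattern $pattern\n";
    for my $name (sort keys %$safe) {
        my $v = $safe->{$name};
        printf "  %-18s %s\n", $name, ref $v ? join(', ', @$v) : $v;
    }
}
```

The username stays searchable in both passes, which is the property `$c->log->abort(1)` loses.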


