[Catalyst-dev] log filtering

Bruce Keeler bruce at drangle.com
Fri Sep 5 02:24:17 BST 2008

Wade.Stuart at fallon.com wrote:
> I do not like this, yuk.  If this is considered a good idea and moves
> forward please consider doing this only in Debug mode.  If these are
> getting generated any time besides Debug time (dumping raw params), then
> the modules dropping the log lines should be sanitized.   The auth modules
> as far as I can tell do not dump the user/pass to log.  Please don't make
> assumptions about my log lines.
Relax.  No-one is suggesting doing anything while not in Debug mode.  
I'm only suggesting sanitizing the output of the existing code which 
dumps all keys/values in the query parameters.
> For instance we have at least two apps here that dump user:password pair
> logs on failure to log in.  These passwords are md5'ed for the log entry so
> as we can tell if the user is trying different passwords,  or the same
> password over and over without compromising password secrecy.
I cannot imagine why you believe this code would be affected.


More information about the Catalyst-dev mailing list