[Catalyst] Advice Needed on Masking Sensitive Content from Logs

Ewan Edwards eskwayrd at gmail.com
Wed Apr 15 23:27:48 GMT 2009


Hi,

I have a Catalyst app, running 5.7011, and I keep the debugging log turned
on as the parameters and sequence of events is far more useful than the disk
space and request overhead, at least currently.

Recently, I've had to start accepting credit cards. I'm required to not log
them, but I'd also like to keep the debug log going. So, I've copied
Catalyst.pm's prepare_body() method into MyApp.pm, and added the following
line to the block which prepares the Text::SimpleTable output for the log:

        my $t =3D Text::SimpleTable->new( [ 35, 'Parameter' ], [ 36, 'Value=
' ]
);
        for my $key ( sort keys %{ $c->req->body_parameters } ) {
            my $param =3D $c->req->body_parameters->{$key};
            my $value =3D defined($param) ? $param : '';
+          $value =3D (grep { $key eq $_ } qw(cardnumber password)) ?
'<masked>' : $value;
            $t->row( $key,
                ref $value eq 'ARRAY' ? ( join ', ', @$value ) : $value );
        }

As you can see, I've taken the opportunity to mask the password from the log
too.

My question is: is there a better, or more Catalyst-approved way of
accomplishing this? This seemed to be the most direct/simple way, but it
would have been nice if the Text::SimpleTable stuff was in a method of its
own.

Thanks,

-- =

Ewan Edwards, eskwayrd at gmail.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.scsys.co.uk/pipermail/catalyst/attachments/20090415/7facd=
8af/attachment.htm


More information about the Catalyst mailing list