[Catalyst] Re: Suppressing passwords in debug messages
Byron Young
Byron.Young at riverbed.com
Mon Jan 12 18:45:57 GMT 2009
Ansgar Burchardt wrote on 2009-01-11:
> Hi,
>
> "J. Shirley" <jshirley at gmail.com> writes:
>> === lib/Catalyst.pm
>>
>> ================================================================== ---
>> lib/Catalyst.pm (revision 18145) +++ lib/Catalyst.pm (local) @@
>> -1830,7 +1830,11 @@
>>
>> if ( $c->debug && keys %{ $c->request->query_parameters } )
> {
>> my $t = Text::SimpleTable->new( [ 35, 'Parameter' ], [
> 36, 'Value' ] );
>> + my %skip = map { $_ => $_ } @{
>> + $c->config->{'Plugin::Debug'}-
>> {'skip_dump_parameters'} || []
>> + };
>> for my $key ( sort keys %{ $c->req->query_parameters } )
> {
>> + next if $skip{$key};
>> my $param = $c->req->query_parameters->{$key};
>> my $value = defined($param) ? $param : '';
>> $t->row( $key,
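Review bot: `map { $_ => $_ }` in the added `%skip` setup stores each parameter name as its own hash value, so `next if $skip{$key}` is false for a parameter literally named `0` (or the empty string) and that value would still be printed. Build the set with `map { $_ => 1 }` or test `exists $skip{$key}` instead. The `next` also drops the row entirely, so the debug table no longer records that the parameter was sent; emitting the row with a fixed placeholder in place of `$value` keeps that information. This hunk filters only the `query_parameters` table, so the new `skip_dump_parameters` key under `Plugin::Debug` needs documentation, and the same filter is needed wherever else request parameters are dumped.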
>
> I think it would be better to show that the parameter was sent, but
> Catalyst is configured to not display its value. This can be done for
> example by displaying a value of `(hidden)'.
>
> If the parameter is simply skipped, it might be confusing if you forget
> that you configured Catalyst to not display it.
>
> Regards,
> Ansgar
>
Yeah, I agree that the parameter should be shown as sent, but just not show the value.
J Shirley - Thanks for looking into it. Let me know if there's anything I can do to help.
Thanks,
Byron