[Catalyst] Re: Supressing passwords in debug messages

Byron Young Byron.Young at riverbed.com
Thu Jan 29 18:53:56 GMT 2009

Hi - I'm not sure what the repost policy on patches, but I have the feeling this one slipped through the cracks.  Let me know if it's generally annoying to repost stuff.

This is a patch that allows you to suppress printing the value of certain query or body parameters when running Catalyst in debug mode - For example, if you want to hide passwords sent from the login page, you can put this in your app config (yaml):

    - password

and the resulting log will look like:

[debug] Query Parameters are:
 | Parameter                           | Value                                |
 | password                            | (redacted by config)                 |
 | username                            | some_user                            |

There are two patches attached
  - redact-patch.diff - contains patch and test
  - cookbook-patch.diff - patch for cookbook entry about this

Thanks to J Shirley for help with this.


Byron Young wrote on 2009-01-16:
> -----Original Message-----
> From: Byron Young [mailto:Byron.Young at riverbed.com]
> Sent: Friday, January 16, 2009 6:39 PM
> To: The elegant MVC web framework
> Subject: RE: [Catalyst] Re: Supressing passwords in debug messages
> Byron Young wrote on 2009-01-12:
>> J. Shirley wrote on 2009-01-12:
>>> On Mon, Jan 12, 2009 at 2:35 PM, Byron Young
>>> <Byron.Young at riverbed.com> wrote:
>>>> J. Shirley wrote on 2009-01-12:
>>>>> On Mon, Jan 12, 2009 at 10:45 AM, Byron Young
>>>>> <Byron.Young at riverbed.com> wrote:
>> [snip]
>>>>> The patch I'm creating needs to be configured in some way, I am
>>>>> thinking at this point it can be configured as follows:
>>>>> package MyApp;
>>>>> __PACKAGE__->config(
>>>>>     'Debug' => {
>>>>>         skip_dump_parameters => 1, # Simply don't render the
>>>>>         parameters incoming, very shotgunny skip_dump_parameters =>
>>>>>         [ qw/password/ ], # Show '(redacted
>>>>> by
>>>>> config)' as the value of these fields
>>>>>     }
>>>>> );
>>>>> I'll need to bake tests for this, which there are currently no tests
>>>>> for handling the dumping of parameters so it will be a bit more. If
>>>>> someone wants to help with that, let me know and I can help guide.
>>>>> -J
>>>> I'd be happy to write some unit tests.  I haven't worked with
>> any
>>> of the Catalyst unit tests before so I'm not sure what the process is
>>> like for getting the code, setting up the test environment, making and
>>> submitting changes and unit tests, etc.  Is there a doc you can point
>>> me to?  I don't see anything in the manual or wiki.
>>>> Byron
>>>> Mostly it is just checking out the code from svn and starting.
>> The
>>> patch that I've started is at http://scsys.co.uk:8001/22410 - you can
>>> apply this to a svn checkout of
>>> http://dev.catalystframework.org/repos/Catalyst/Catalyst- Runtime/5.70
>>> It doesn't have the actual testing part, just a stub.  I'll be working
>>> on it more over today and tomorrow when I get free moments, but
>>> they're few and far between.
>>  Ditto on the lack of free time.  I'll check it out and let you know
>> what I come up with.
>> byron
> J Shirley - I finally got a chance to look at this today.  You did
> most of the work for me.  I just updated the unit test, changed the
> 'skip_dump_parameters' parameter to 'redact_parameters', and
> expanded the log_parameters() documentation a bit.  I also added a
> section to the cookbook explaining how to use the parameter.
> Attached are two patches:
>   redact-patch.diff - patch containing the new unit test and changes to
>   Catalyst.pm. cookbook-patch.diff - patch containing a new cookbook
>   section on
> this feature, for the Catalyst-Manual repository
> Anything else I need to do?
> Byron

-------------- next part --------------
A non-text attachment was scrubbed...
Name: redact-patch.diff
Type: application/octet-stream
Size: 4631 bytes
Desc: redact-patch.diff
Url : http://lists.scsys.co.uk/pipermail/catalyst/attachments/20090129/3d7f0f5f/redact-patch.obj
-------------- next part --------------
A non-text attachment was scrubbed...
Name: cookbook-patch.diff
Type: application/octet-stream
Size: 999 bytes
Desc: cookbook-patch.diff
Url : http://lists.scsys.co.uk/pipermail/catalyst/attachments/20090129/3d7f0f5f/cookbook-patch.obj

More information about the Catalyst mailing list