[Catalyst] Re: Supressing passwords in debug messages
J. Shirley
jshirley at gmail.com
Thu Jan 29 20:30:52 GMT 2009
On Thu, Jan 29, 2009 at 10:53 AM, Byron Young <Byron.Young at riverbed.com> wrote:
> Hi - I'm not sure what the repost policy on patches is, but I have the feeling this one slipped through the cracks. Let me know if it's generally annoying to repost stuff.
>
> This is a patch that allows you to suppress printing the value of certain query or body parameters when running Catalyst in debug mode - For example, if you want to hide passwords sent from the login page, you can put this in your app config (yaml):
>
> Debug:
>   redact_parameters:
>     - password
>
> and the resulting log will look like:
>
> [debug] Query Parameters are:
> .-------------------------------------+--------------------------------------.
> | Parameter                           | Value                                |
> +-------------------------------------+--------------------------------------+
> | password                            | (redacted by config)                 |
> | username                            | some_user                            |
> '-------------------------------------+--------------------------------------'
>
> There are two patches attached
> - redact-patch.diff - contains patch and test
> - cookbook-patch.diff - patch for cookbook entry about this
>
> Thanks to J Shirley for help with this.
>
> Thanks
> Byron
>
>
> Byron Young wrote on 2009-01-16:
>> -----Original Message-----
>> From: Byron Young [mailto:Byron.Young at riverbed.com]
>> Sent: Friday, January 16, 2009 6:39 PM
>> To: The elegant MVC web framework
>> Subject: RE: [Catalyst] Re: Supressing passwords in debug messages
>>
>> Byron Young wrote on 2009-01-12:
>>>
>>> J. Shirley wrote on 2009-01-12:
>>>> On Mon, Jan 12, 2009 at 2:35 PM, Byron Young
>>>> <Byron.Young at riverbed.com> wrote:
>>>>> J. Shirley wrote on 2009-01-12:
>>>>>> On Mon, Jan 12, 2009 at 10:45 AM, Byron Young
>>>>>> <Byron.Young at riverbed.com> wrote:
>>>
>>> [snip]
>>>
>>>>>> The patch I'm creating needs to be configured in some way, I am
>>>>>> thinking at this point it can be configured as follows:
>>>>>>
>>>>>> package MyApp;
>>>>>>
>>>>>> __PACKAGE__->config(
>>>>>>     'Debug' => {
>>>>>>         skip_dump_parameters => 1, # Simply don't render the parameters incoming, very shotgunny
>>>>>>         skip_dump_parameters => [ qw/password/ ], # Show '(redacted by config)' as the value of these fields
>>>>>>     }
>>>>>> );
>>>>>>
>>>>>> I'll need to bake tests for this, which there are currently no tests
>>>>>> for handling the dumping of parameters so it will be a bit more. If
>>>>>> someone wants to help with that, let me know and I can help guide.
>>>>>>
>>>>>> -J
>>>>>>
>>>>>
>>>>> I'd be happy to write some unit tests. I haven't worked with any
>>>>> of the Catalyst unit tests before so I'm not sure what the process is
>>>>> like for getting the code, setting up the test environment, making and
>>>>> submitting changes and unit tests, etc. Is there a doc you can point
>>>>> me to? I don't see anything in the manual or wiki.
>>>>>
>>>>> Byron
>>>>>
>>>> Mostly it is just checking out the code from svn and starting. The
>>>> patch that I've started is at http://scsys.co.uk:8001/22410 - you can
>>>> apply this to a svn checkout of
>>>> http://dev.catalystframework.org/repos/Catalyst/Catalyst-Runtime/5.70
>>>>
>>>> It doesn't have the actual testing part, just a stub. I'll be working
>>>> on it more over today and tomorrow when I get free moments, but
>>>> they're few and far between.
>>>>
>>> Ditto on the lack of free time. I'll check it out and let you know
>>> what I come up with.
>>>
>>> byron
>>>
>>
>> J Shirley - I finally got a chance to look at this today. You did
>> most of the work for me. I just updated the unit test, changed the
>> 'skip_dump_parameters' parameter to 'redact_parameters', and
>> expanded the log_parameters() documentation a bit. I also added a
>> section to the cookbook explaining how to use the parameter.
>>
>> Attached are two patches:
>> redact-patch.diff - patch containing the new unit test and changes to
>> Catalyst.pm.
>> cookbook-patch.diff - patch containing a new cookbook section on
>> this feature, for the Catalyst-Manual repository
>>
>> Anything else I need to do?
>>
>> Byron
>
Hi Byron,
Just my fault -- been busy and then sick, I'll try to get to it in the
next few days.
-J
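
The redaction behaviour discussed in this thread, as a standalone Perl illustration added here; it is not the code from redact-patch.diff or Catalyst's own implementation. The function names, the case-insensitive name matching and the sample request are assumptions; only the redact_parameters key and the placeholder string come from the thread.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Added example, not the code from redact-patch.diff. The helper names are
# hypothetical; only 'redact_parameters' and the placeholder text come from
# the thread.
my $PLACEHOLDER = '(redacted by config)';

# Return a redacted copy of a parameter hash for logging. The original hash
# is left untouched so the application still receives the real values.
sub redact_for_log {
    my ( $params, $redact ) = @_;
    # Assumption: names match case-insensitively, so "Password" is covered too.
    my %hide = map { ( lc($_) => 1 ) } @{ $redact || [] };
    my %copy;
    for my $name ( keys %$params ) {
        my $value = $params->{$name};
        if ( $hide{ lc($name) } ) {
            # A repeated field arrives as an array ref; redact every value.
            $copy{$name} = ref($value) eq 'ARRAY'
                ? [ ($PLACEHOLDER) x scalar(@$value) ]
                : $PLACEHOLDER;
        }
        else {
            $copy{$name} = ref($value) eq 'ARRAY' ? [@$value] : $value;
        }
    }
    return \%copy;
}

# Render the copy as debug rows, one per parameter, sorted by name.
sub debug_lines {
    my ($params) = @_;
    return map {
        my $v = $params->{$_};
        sprintf '| %-35s | %-36s |', $_,
            ref($v) eq 'ARRAY' ? join( ', ', @$v ) : $v;
    } sort keys %$params;
}

# Constructed sample input: a login POST with a repeated password field.
my %config = ( Debug => { redact_parameters => ['password'] } );
my %body   = ( username => 'some_user', Password => [ 'hunter2', 'hunter2' ] );

my $safe = redact_for_log( \%body, $config{Debug}{redact_parameters} );
print "[debug] Body Parameters are:\n";
print "$_\n" for debug_lines($safe);
# The request data itself must be unchanged after logging.
die "original was modified\n" unless $body{Password}[0] eq 'hunter2';
```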