[Catalyst] Re: Supressing passwords in debug messages

J. Shirley jshirley at gmail.com
Thu Jan 29 20:41:26 GMT 2009


On Thu, Jan 29, 2009 at 12:30 PM, J. Shirley <jshirley at gmail.com> wrote:
> On Thu, Jan 29, 2009 at 10:53 AM, Byron Young <Byron.Young at riverbed.com> wrote:
>> Hi - I'm not sure what the repost policy on patches is, but I have the feeling this one slipped through the cracks.  Let me know if it's generally annoying to repost stuff.
>>
>> This is a patch that allows you to suppress printing the value of certain query or body parameters when running Catalyst in debug mode - For example, if you want to hide passwords sent from the login page, you can put this in your app config (yaml):
>>
>> Debug:
>>  redact_parameters:
>>    - password
>>
>> and the resulting log will look like:
>>
>> [debug] Query Parameters are:
>>  .-------------------------------------+--------------------------------------.
>>  | Parameter                           | Value                                |
>>  +-------------------------------------+--------------------------------------+
>>  | password                            | (redacted by config)                 |
>>  | username                            | some_user                            |
>>  '-------------------------------------+--------------------------------------'
>>
>> There are two patches attached
>>  - redact-patch.diff - contains patch and test
>>  - cookbook-patch.diff - patch for cookbook entry about this
>>
>> Thanks to J Shirley for help with this.
>>
>> Thanks
>> Byron
>>
>>
>> Byron Young wrote on 2009-01-16:
>>> -----Original Message-----
>>> From: Byron Young [mailto:Byron.Young at riverbed.com]
>>> Sent: Friday, January 16, 2009 6:39 PM
>>> To: The elegant MVC web framework
>>> Subject: RE: [Catalyst] Re: Supressing passwords in debug messages
>>>
>>> Byron Young wrote on 2009-01-12:
>>>>
>>>> J. Shirley wrote on 2009-01-12:
>>>>> On Mon, Jan 12, 2009 at 2:35 PM, Byron Young
>>>>> <Byron.Young at riverbed.com> wrote:
>>>>>> J. Shirley wrote on 2009-01-12:
>>>>>>> On Mon, Jan 12, 2009 at 10:45 AM, Byron Young
>>>>>>> <Byron.Young at riverbed.com> wrote:
>>>>
>>>> [snip]
>>>>
>>>>>>> The patch I'm creating needs to be configured in some way, I am
>>>>>>> thinking at this point it can be configured as follows:
>>>>>>>
>>>>>>> package MyApp;
>>>>>>>
>>>>>>> __PACKAGE__->config(
>>>>>>>     'Debug' => {
>>>>>>>         skip_dump_parameters => 1, # Simply don't render the parameters incoming, very shotgunny
>>>>>>>         skip_dump_parameters => [ qw/password/ ], # Show '(redacted by config)' as the value of these fields
>>>>>>>     }
>>>>>>> );
>>>>>>>
>>>>>>> I'll need to bake tests for this, which there are currently no tests
>>>>>>> for handling the dumping of parameters so it will be a bit more. If
>>>>>>> someone wants to help with that, let me know and I can help guide.
>>>>>>>
>>>>>>> -J
>>>>>>>
>>>>>>
>>>>>> I'd be happy to write some unit tests.  I haven't worked with any
>>>>>> of the Catalyst unit tests before so I'm not sure what the process is
>>>>>> like for getting the code, setting up the test environment, making and
>>>>>> submitting changes and unit tests, etc.  Is there a doc you can point
>>>>>> me to?  I don't see anything in the manual or wiki.
>>>>>>
>>>>>> Byron
>>>>>>
>>>>> Mostly it is just checking out the code from svn and starting.  The
>>>>> patch that I've started is at http://scsys.co.uk:8001/22410 - you can
>>>>> apply this to a svn checkout of
>>>>> http://dev.catalystframework.org/repos/Catalyst/Catalyst-Runtime/5.70
>>>>>
>>>>> It doesn't have the actual testing part, just a stub.  I'll be working
>>>>> on it more over today and tomorrow when I get free moments, but
>>>>> they're few and far between.
>>>>>
>>>>  Ditto on the lack of free time.  I'll check it out and let you know
>>>> what I come up with.
>>>>
>>>> byron
>>>>
>>>
>>> J Shirley - I finally got a chance to look at this today.  You did
>>> most of the work for me.  I just updated the unit test, changed the
>>> 'skip_dump_parameters' parameter to 'redact_parameters', and
>>> expanded the log_parameters() documentation a bit.  I also added a
>>> section to the cookbook explaining how to use the parameter.
>>>
>>> Attached are two patches:
>>>   redact-patch.diff - patch containing the new unit test and changes to
>>>   Catalyst.pm.
>>>   cookbook-patch.diff - patch containing a new cookbook section on
>>>   this feature, for the Catalyst-Manual repository
>>>
>>> Anything else I need to do?
>>>
>>> Byron
>>
>
> Hi Byron,
>
> Just my fault -- been busy and then sick, I'll try to get to it in the
> next few days.
>
> -J
>

Actually, scratch that.

I don't have the tuits or desire to cat herd this out.  Someone on the
core team can finish this up with you, I'm out.

-J
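
The behaviour discussed in this thread, as an added sketch that is not part of any message, not the attached patch, and not Catalyst's own code: a log-safe copy of the parameters is built from a `redact_parameters` list before the debug table is rendered. The helper names `redact_for_log` and `format_table` and the sample values are assumptions made for illustration.

```perl
#!/usr/bin/env perl
use strict;
use warnings;

# Constructed config, mirroring the YAML shown in the thread.
my %config = ( Debug => { redact_parameters => [qw/password/] } );

# Hypothetical helper (not Catalyst's log_parameters): returns a copy of the
# parameters that is safe to log. The caller's hash is never modified.
sub redact_for_log {
    my ( $params, $redact_list ) = @_;
    my %redact = map { $_ => 1 } @{ $redact_list || [] };
    my %safe;
    for my $name ( keys %$params ) {
        my $value = $params->{$name};
        if ( $redact{$name} ) {
            # Replace the whole value, including every element of a
            # multi-valued parameter, so neither length nor count is logged.
            $safe{$name} = '(redacted by config)';
        }
        else {
            $safe{$name} = ref($value) eq 'ARRAY' ? join( ', ', @$value ) : $value;
        }
    }
    return \%safe;
}

# Hypothetical renderer producing a two-column table of the log-safe copy.
sub format_table {
    my ($safe) = @_;
    my $rule = '+' . ( '-' x 22 ) . '+' . ( '-' x 24 ) . "+\n";
    my $out  = $rule . sprintf( "| %-20s | %-22s |\n", 'Parameter', 'Value' ) . $rule;
    $out .= sprintf( "| %-20s | %-22s |\n", $_, $safe->{$_} ) for sort keys %$safe;
    return $out . $rule;
}

# Constructed request parameters; 'password' is multi-valued to cover that case.
my %params = (
    username => 'some_user',
    password => [ 'hunter2', 'hunter2' ],
    remember => 1,
);

my $safe = redact_for_log( \%params, $config{Debug}{redact_parameters} );
print "[debug] Query Parameters are:\n", format_table($safe);

die "secret leaked into log copy"       if grep { /hunter2/ } values %$safe;
die "original parameters were modified" unless ref( $params{password} ) eq 'ARRAY';
```

Matching here is by exact parameter name, so a field submitted as `Password` or `user[password]` would still be logged in clear unless it is listed as well.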


