[Catalyst] Re: Supressing passwords in debug messages

Byron Young Byron.Young at riverbed.com
Fri Jan 30 22:20:20 GMT 2009

Tomas Doran wrote on 2009-01-29:
> On 29 Jan 2009, at 18:53, Byron Young wrote:
>> Hi - I'm not sure what the repost policy on patches, but I have the
>> feeling this one slipped through the cracks.  Let me know if it's
>> generally annoying to repost stuff.
> No, reposting if things get dropped on the floor good :)
> If you have time, then arriving on #catalyst-dev and making noise
> also gets stuff done.
>> This is a patch that allows you to suppress printing the value of
>> certain query or body parameters when running Catalyst in debug
>> mode - For example, if you want to hide passwords sent from the
>> login page, you can put this in your app config (yaml):
>  Having been discussed in #catalyst-dev, we think that the patch could
> be made both more generic, and more elegant.
> The key thing is to split the table drawing, and the data filtering
> into separate methods (maybe filter_debug_data?).
> This would then allow you to filter per-type, and support things such as
>  redact_parameters (all), redact_body_parameters,
> redact_query_parameters, and even potentially to add support for
> filtering things like the URI (I can see use-cases where that'd be
> significant - e.g. not wanting to log session IDs which are in URIs)..
> Have a look at the way the debug screen stuff works (in
> Catalyst::Engine), this is more elegant and would also benefit from
> being able to have things redacted I guess - as with the current
> patch, you're going to display the things you're redacting in the
> logs to the end user...
> Cheers
> t0m


Thanks for the feedback.  I think you're referring to $c->dump_these() and it's usage in finalize_error().  I'll refactor log_parameters() to call a separate method that will return the params to log, akin to dump_these().  Not sure when I'll have time for it since my current solution is working for me and I have some big deadlines coming up.  Hopefully within the next month.


More information about the Catalyst mailing list