我正在應用程序控制器中創建日誌記錄方法。我有以下設置,但由於某種原因,我的參數篩選器沒有篩選密碼。什麼不見了?我如何確保我的應用程序安全並且所有密碼參數都被過濾了?密碼無效的參數篩選器(Ruby on Rails)
配置/ applicaton.rb
# Configure sensitive parameters which will be filtered from the log file.
config.filter_parameters += [:password]
的一個應用控制器
before_filter :record_activity
def record_activity(note = nil)
@activity={}
@activity['user'] = current_user
@activity['note'] = note
@activity['browser'] = request.env['HTTP_USER_AGENT']
@activity['ip_address'] = request.env['REMOTE_ADDR']
@activity['controller'] = controller_name
@activity['action'] = action_name
@activity['params'] = log_filter(params.inspect)
p @activity
end
輸出TERMINAL
15:39:38 web.1 |
{"user"=>nil,
"note"=>nil,
"browser"=>"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:20.0) Gecko/20100101 Firefox/20.0",
"ip_address"=>"127.0.0.1",
"controller"=>"sessions",
"action"=>"create",
"params"=>"{\"utf8\"=>\"✓\", \"authenticity_token\"=>\"dYofOQ64sTajNVn2JiJWVM+E3kz5jCGazrYBObukBAQ=\",
\"user\"=>{\"email\"=>\"[email protected]\",
\"password\"=>\"thepasswordexposed\",
\"remember_me\"=>\"0\"},
\"commit\"=>\"Login\",
\"action\"=>\"create\",
\"controller\"=>\"sessions\"}"}
* 編輯:* 我已經添加了以下,但它仍然無法正常工作,任何建議?
def log_filter(hash)
filters = Rails.application.config.filter_parameters
f = ActionDispatch::Http::ParameterFilter.new filters
f.filter hash
end
錯誤上線36 ...
NoMethodError at /users/sign_in
undefined method `each' for #<String:0x007fa0280b3a68>
36 f.filter hash
答:
我的解決辦法如下,我需要刪除.inspect,並開始工作。
def record_activity(note = nil)
@activity={}
@activity['user'] = current_user
@activity['note'] = note
@activity['browser'] = request.env['HTTP_USER_AGENT']
@activity['ip_address'] = request.env['REMOTE_ADDR']
@activity['controller'] = controller_name
@activity['action'] = action_name
@activity['params'] = params
p @activity
end
您是否重新啓動導軌控制檯? – Zabba 2013-04-27 21:06:13
是的,但不起作用。 – user2012677 2013-04-27 21:09:59