filtering params

Daniel

11 Aug, 2010 03:45 PM

How can I configure exceptional so that it filters sensitive customer information such as passwords?

  1. 1 Posted by Wal McConnell on 12 Aug, 2010 09:16 PM

    Hi Daniel,

    What framework are you using? On Rails, if you are using the action controller filter parameter functionality, then the params will be filtered automatically.

    cheers,
    Wal

  2. 2 Posted by Daniel on 12 Aug, 2010 09:37 PM

    It's being filtered in my logs, but not filtered in the errors on the exceptional side.

    When I open the exception I see things that should not be seen.

  3. 3 Posted by Wal McConnell on 17 Aug, 2010 02:53 PM

    Hi Daniel,

    This should certainly work as is. What version of Rails are you using?

    Wal

  4. 4 Posted by David Neubauer on 10 Feb, 2012 04:04 AM

    I'm now having this same issue: my logs show FILTERED, but my exceptional reports are not getting filtered, which is REALLY bad. Could it be that it only behaves this way from development and maybe won't do this on my alpha environment?

    I need to filter out the entire :account sub object here.

    This is what's getting posted to exceptional
    { "utf8" : "✓", "authenticity_token" : "o44XS8QeuFWQEFGmVYBjo/fdI0TYkxQdQ/Q/Jdrx3Wk=", "account" : { "0" : { "name" : "LOGIN", "value" : "adfad", } "1" : { "name" : "PASSWORD", "value" : "asda", } } "user_id" : "56", "email" : "[email blocked]", }

    In my controller I'm doing
    params.delete :account

    And in application.rb I have
    config.filter_parameters += [:password,:account]

    In my log it reads
    Started POST "/accounts/bank_login" for 127.0.0.1 at 2012-02-09 19:54:46 -0800
    Processing by AccountsController#bank_login as JS
    Parameters: {"utf8"=>"✓", "authenticity_token"=>"o44XS8QeuFWQEFGmVYBjo/fdI0TYkxQdQ/Q/Jdrx3Wk=", "account"=>"[FILTERED]"}

  5. 5 Posted by colleen on 11 Mar, 2012 03:22 AM

    Hello David,
    Your message was caught in our spam folder - sorry for the late reply. To filter sensitive data, check this out: http://docs.exceptional.io/extras/filters/.
    Cheers,
    Colleen

  6. 6 Posted by David Neubauer on 11 Mar, 2012 06:34 AM

    Did you read my post? They are being filtered from our logs by the same config.filter_parameters that your docs say you respect. Only your library does not appear to have the same respect as Rails 3 does.

    My project is financial, I can't use exceptional unless this issue is resolved.

  7. Support Staff 7 Posted by Herb on 13 Mar, 2012 01:53 AM

    Hi David,

    Thank you for reporting the gem issue!

    I've just pushed a fix for this.

    Just update your gem and enjoy :)

  8. 8 Posted by Robert on 15 Feb, 2013 11:19 PM

    Hi, this is Robert with support, I am clearing out old tickets. If you are still having issues with this, send an email to [email blocked].

    Thanks,
    Robert

  9. Robert closed this discussion on 15 Feb, 2013 11:19 PM.

  10. Daniel re-opened this discussion on 15 Feb, 2013 11:36 PM

  11. 9 Posted by Daniel on 15 Feb, 2013 11:36 PM

    I'm good. Thanks.

  12. Robert closed this discussion on 15 Feb, 2013 11:39 PM.
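
The thread turns on key-based filtering being applied to the logs but not to the payload sent to the error service. The sketch below is an added example, not code from Rails or the exceptional gem: it mimics the case-insensitive substring key matching of `config.filter_parameters` in plain Ruby and checks a payload modelled on David Neubauer's post before it would leave the process. The helper names `build_matcher`, `scrub`, `report_payload` and `leaks` are hypothetical.

```ruby
# Added example (plain Ruby, no Rails): key-based scrubbing of a params hash.
FILTERED = "[FILTERED]"

# One case-insensitive regexp; a key matches if it contains any filter name.
def build_matcher(filters)
  Regexp.union(filters.map { |f| Regexp.new(Regexp.escape(f.to_s), Regexp::IGNORECASE) })
end

# Return a scrubbed copy: a matching key has its whole value (even a nested
# hash) replaced; non-matching hashes and arrays are walked recursively.
def scrub(value, matcher)
  case value
  when Hash
    value.each_with_object({}) do |(key, inner), out|
      out[key] = key.to_s.match?(matcher) ? FILTERED : scrub(inner, matcher)
    end
  when Array
    value.map { |item| scrub(item, matcher) }
  else
    value
  end
end

# Hypothetical pre-send hook: what an error reporter should serialize.
def report_payload(params, filters)
  scrub(params, build_matcher(filters))
end

# Dotted paths of leaves that still equal a known secret (a test-time check).
def leaks(value, secrets, path = "")
  case value
  when Hash
    value.flat_map { |k, v| leaks(v, secrets, path.empty? ? k.to_s : "#{path}.#{k}") }
  when Array
    value.each_with_index.flat_map { |v, i| leaks(v, secrets, "#{path}[#{i}]") }
  else
    secrets.include?(value) ? [path] : []
  end
end

# Constructed sample modelled on the payload in the thread.
PAYLOAD = {
  "account" => {
    "0" => { "name" => "LOGIN", "value" => "adfad" },
    "1" => { "name" => "PASSWORD", "value" => "asda" }
  },
  "user_id" => "56"
}.freeze
SECRETS = %w[adfad asda].freeze
```

With only `:password` configured, both credential values survive because they sit under keys named `value`; adding `:account` replaces the whole sub-object, which is what the log line in the thread shows.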
