How to filter sensitive parameters from the SQL portion of Rails 5 logs?

Rails 5 offers parameter filtering, and I specified config.filter_parameters += ["my_token"] in application.rb.

Testing my application in dev (environment) mode, I see that my_token is correctly filtered from the query lines of the log file:

Started GET "/something?my_token=[FILTERED]"

However, the SQL log lines following it still include the parameter value in the text ("SELECT stuff FROM things", etc., with my_token as the parameter).

Does Rails 5 provide a way to filter this raw value from the SQL portion of its log files?

I also run my application in run mode, and although the log files are more compressed, they still display the value unfiltered in the D-type log lines for the generated SQL statements.

I didn’t set any configurable log parameters - by default everything except filter parameters,

My own search did not show a corresponding discussion of this. Maybe I missed something?

Thanks!

1 answer

If you want to completely disable SQL logging for production, you can change the log level in config/environments/production.rb to :info

  config.log_level = :info 

If you want to disable logging for only a few queries with sensitive data, you can use Rails.logger.silence. It blocks the log for the entire block provided. Therefore, it can be used to avoid writing a specific SQL query in the log.

Using:

  def index
    Rails.logger.silence do
      # load method is used to force query execution inside the block
      @items = Item.all.load
    end
  end

Keep in mind that queries are executed lazily, so if a query is executed outside the block, it will be logged anyway. The following example will fail:

  def index
    Rails.logger.silence do
      # The query will be executed outside the block when @items is first used in the view
      @items = Item.all
    end
  end

Source: https://habr.com/ru/post/1261027/
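
The lazy-loading pitfall from the answer above, reproduced in plain Ruby so the log output can be inspected without a Rails app. This is an added example, not code from the question or the answer: SilenceableLogger, LazyRelation, log_for and the token value are hypothetical stand-ins for Rails.logger, an ActiveRecord relation and a controller action followed by its view.

```ruby
require "logger"
require "stringio"

# Stand-in for Rails.logger: silence raises the level to ERROR for the block only.
class SilenceableLogger < Logger
  def silence(severity = Logger::ERROR)
    old_level = level
    self.level = severity
    yield self
  ensure
    self.level = old_level
  end
end

# Stand-in for a lazy relation: the SQL and its bind value are written at
# DEBUG only when the records are first loaded, wherever that happens.
class LazyRelation
  def initialize(logger, token)
    @logger = logger
    @token = token
  end

  def load
    @records ||= begin
      @logger.debug(%(SELECT stuff FROM things WHERE token = ?  [["token", "#{@token}"]]))
      [:row]
    end
    self
  end

  def to_a
    load
    @records
  end
end

# Runs the action body inside silence, reads the relation afterwards, returns the log text.
def log_for(force_load_inside_block:)
  io = StringIO.new
  logger = SilenceableLogger.new(io, level: Logger::DEBUG)
  items = nil
  logger.silence do
    items = LazyRelation.new(logger, "constructed-secret-token")
    items.load if force_load_inside_block
  end
  items.to_a # first use in the "view", outside the silenced block
  io.string
end
```

Calling log_for(force_load_inside_block: true) returns an empty log, while log_for(force_load_inside_block: false) returns a DEBUG line containing the token, because the query only runs after the silenced block has ended.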

