We have a customer with very stringent security requirements. So we will encrypt the Rails database using one of Postgres's database encryption options. But that still leaves customer's data exposed in what the Rails logger logs when forms are submitted to create data.
I guess one option is not to encrypt the log file, but to suppress all the parameter values that get logged for POST requests by Rails. What is the best way of doing that?
Another option is to encrypt Rails log files as they are written to disk. Is that a better way to go, and what's a good way to do it?
One thing that you can do is, in your config/application.rb file, add the fields that you want to omit from the logs, like this:
```ruby
class Application < Rails::Application
  ...
  # Values of parameters whose names match these entries are logged as [FILTERED]
  config.filter_parameters += [:password]
  config.filter_parameters += [:ssn]
  ....
end
```
I hope that this helps.
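To show what the filter list above actually catches, here is an added, stand-alone Ruby illustration (not Rails' own code, and not part of this answer) that mirrors the matching rules of a filter_parameters list: string/symbol entries match by key-name substring, regexps match the key name, and procs receive (key, value). The sample filter list and params hash are constructed; the proc behaviour is simplified to returning a replacement value, where Rails' procs mutate the value in place.

```ruby
# Stand-alone illustration (added example, not Rails' code) of the matching
# rules a Rails-style filter_parameters list applies to request params:
#   String/Symbol entries match any key whose name contains them (so :password
#   also catches "password_confirmation"), Regexp entries match the key name,
#   Proc entries receive (key, value) and return the replacement value
#   (simplified: Rails' own procs mutate the value in place).
# Filtering recurses through nested hashes and arrays without mutating input.
FILTERED = "[FILTERED]".freeze

def key_filtered?(key, filters)
  name = key.to_s
  filters.any? do |f|
    case f
    when Regexp then f.match?(name)
    when Proc   then false  # procs act on values, not on key names
    else name.downcase.include?(f.to_s.downcase)
    end
  end
end

def apply_procs(key, value, filters)
  filters.grep(Proc).reduce(value) { |v, f| f.call(key.to_s, v) }
end

def filter_params(value, filters)
  case value
  when Hash
    value.each_with_object({}) do |(k, v), out|
      out[k] = if key_filtered?(k, filters)
                 FILTERED
               else
                 apply_procs(k, filter_params(v, filters), filters)
               end
    end
  when Array then value.map { |v| filter_params(v, filters) }
  else value
  end
end

# Constructed sample: a filter list like one in config/application.rb and the
# params hash a POST from a sign-up form might produce.
SAMPLE_FILTERS = [:password, :ssn, /token/i,
                  ->(key, val) { key == "email" && val.is_a?(String) ? val.sub(/\A[^@]+/, "***") : val }].freeze
SAMPLE_PARAMS = {
  "user" => { "name" => "Ada", "email" => "ada@example.test", "password" => "hunter2",
              "password_confirmation" => "hunter2", "ssn" => "123-45-6789" },
  "api_token" => "abc123",
  "addresses" => [{ "city" => "Berlin", "ssn" => "987-65-4321" }]
}.freeze
```

Running `filter_params(SAMPLE_PARAMS, SAMPLE_FILTERS)` masks the password, its confirmation, both ssn values and api_token, and leaves name and city readable.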
If you want something better than filter_parameters for all params, you can write a custom logger. See: http://rubyjunky.com/cleaning-up-rails-4-production-logging.html and the gem someone extracted from it, https://github.com/gshaw/concise_logging
However, you're going to need to store the encryption key somewhere on the same machine as the logs, which potentially means it's un-encryptable too if someone has active access (but not if they just somehow get the logs later).
Some questions to think about:
Your answers will define guidelines on how to attack this problem!