Permalink
Browse files

Turn filter_parameter_logging on by default for password and password…

…_confirmation and remove contentless comments
  • Loading branch information...
1 parent f9a4cf1 commit f09ad263cabe2e781c1994b85375fee8deba4317 @dhh dhh committed Dec 21, 2009
@@ -2,9 +2,7 @@
# Likewise, all the methods added will be available for all controllers.
class ApplicationController < ActionController::Base
- helper :all # include all helpers, all the time
- protect_from_forgery # See ActionController::RequestForgeryProtection for details
-
- # Scrub sensitive parameters from your log
- # filter_parameter_logging :password
+ helper :all
+ protect_from_forgery
+ filter_parameter_logging :password, :password_confirmation
end

4 comments on commit f09ad26

Contributor

benpickles replied Dec 21, 2009

good, this should be the default :) - but you don't need to specify :password_confirmation as it will be matched by the first :password argument

Owner

dhh replied Dec 22, 2009

You're right, ben. Fixed that. Thanks!

Please sign in to comment.