Actions
Bug #18788
closedLet Rails to log forbidden attributes
Description
By default Rails 4.x does not show forbidden attributes in production in log or in the exception itself:
http://api.rubyonrails.org/classes/ActionController/Parameters.html
I see no reason not to log it, possible attacker needs access to logs in order to find which attribute was denied.
This makes debugging much harder.
Updated by The Foreman Bot almost 8 years ago
- Status changed from New to Ready For Testing
- Assignee set to Lukas Zapletal
- Pull request https://github.com/theforeman/foreman/pull/4356 added
Updated by Marek Hulán almost 8 years ago
- Translation missing: en.field_release set to 209
Updated by Lukas Zapletal almost 8 years ago
- Status changed from Ready For Testing to Closed
- % Done changed from 0 to 100
Applied in changeset 3582015c6acf4c278c22c9e96c0352a43a4a094b.
Actions