I've read some good information (on SO) about how you must avoid storing credit card information on your website.
My Rails app would be the one getting the CC information from a on my website, correct? (as opposed to a payment processor site, if that's possible?) If so, then how do I know what all logs to "silence" so that they don't store the info?
What places (like Apache logs, my app's logs etc.) do I need to look at to remove such sensitive information ?
views:
57answers:
1
+2
A:
for rails apps is just
filter_parameter_logging :name_of_input
simple usage:
class ApplicationController < ActionController::Base
filter_parameter_logging :cc
end
html:
<input type="text" name="cc">
check: http://apidock.com/rails/ActionController/Base/filter_parameter_logging/class
Sebastian Brózda
2010-09-15 06:14:45
Yes, I found out about the filters for RoR, but what about filtering out data in a web server like Apache (does Apache store form info in it's log files?)
Zabba
2010-09-15 06:17:05