---
title: No Sensitive Information in Logs
impact: HIGH
impactDescription: prevents accidental exposure of credentials in logs
tags: security, logging, credentials, vulnerability
---

## No Sensitive Information in Logs

Ensure sensitive data like passwords, credit card numbers, and tokens are filtered from application logs.

**Incorrect (logging sensitive data):**

```ruby
# In a controller
def create
  Rails.logger.info "Creating user with params: #{params.inspect}"
  # Log output: ... "password"=>"secret123", "credit_card"=>"1234..."
end
```

**Correct (parameter filtering):**

```ruby
# config/initializers/filter_parameter_logging.rb
Rails.application.config.filter_parameters += [
  :password, :password_confirmation, :token, :credit_card, :ssn
]

# In controller
def create
  # Parameters will be automatically filtered in logs
  # Log output: ... "password"=>"[FILTERED]"
end
```

**Tools:** Brakeman, Rails default
---