Login

Password Obfuscation Log Filter

Author:
nikmolnar
Posted:
June 28, 2013
Language:
Python
Version:
1.4
Tags:
filter log password logging obfuscation
Score:
0 (after 0 ratings)

This is a simple logging filter to ensure that user-entered passwords aren't recorded in the log or emailed to admins as part of the request data if an error occurs during registration/login.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
from logging import Filter

class PasswordObfuscationFilter(Filter):
    """Filters out passwords in log messages."""

    def filter(self, record):
        if hasattr(record, 'request') and record.request.POST.get('password', None):
            qd = record.request.POST.copy()
            qd['password'] = "%s (removed)" % ('x'*8)
            record.request.POST = qd
        return True

More like this

  1. Automatically setup raw_id_fields ForeignKey & OneToOneField by agusmakmun 8 months, 1 week ago
  2. Crispy Form by sourabhsinha396 9 months ago
  3. ReadOnlySelect by mkoistinen 9 months, 1 week ago
  4. Verify events sent to your webhook endpoints by santos22 10 months, 1 week ago
  5. Django Language Middleware by agusmakmun 10 months, 3 weeks ago

Comments

Please login first before commenting.