Django snippets: Password Obfuscation Log Filter

Password Obfuscation Log Filter

from logging import Filter

class PasswordObfuscationFilter(Filter):
    """Filters out passwords in log messages."""

    def filter(self, record):
        if hasattr(record, 'request') and record.request.POST.get('password', None):
            qd = record.request.POST.copy()
            qd['password'] = "%s (removed)" % ('x'*8)
            record.request.POST = qd
        return True

More like this

Email obfuscation filter using ROT13 by worksology 4 years, 10 months ago
group_required decorator by msanders 4 years, 6 months ago
phpbb (2.x) authentication backend by bram 5 years, 7 months ago
Email-obfuscator Template Tag by gronimo 1 year, 9 months ago
Email and phone templatetag obfuscator by sunn 4 years, 7 months ago

This is a simple logging filter to ensure that user-entered passwords aren't recorded in the log or emailed to admins as part of the request data if an error occurs during registration/login.

Author:: nikmolnar
Posted:: June 28, 2013
Language:: Python
Version:: 1.4
Tags:: filter log password logging obfuscation
Score:: 0 (after 0 ratings)

Tools

Comments