If you are wondering, "How on earth do I ensure that sensitive parameters are not logged anywhere by the Rails 3 application?". Well, its a cinch as far as Rails goes. All you need to do is add all your sensitive parameters to filter_parameters list in config/application.rb file.
A sample Rails3 config file having this setup will look as below (MyRails3App is the name of my rails application):
A sample Rails3 config file having this setup will look as below (MyRails3App is the name of my rails application):