In Iteration H, the Book calls out that you should not store credit card information in a database or in the log and then instructs the user to filter them out (PDF page 212).
config.filter_parameters += [ :credit_card_number ]
When invoking ActiveJob in the Orders Controller on PDF page 232, the code invokes the job and then the credit card number is logged as plain text.
ChargeOrderJob.perform_later(@order,pay_type_params.to_h)
Rails 6.1 (currently on master) will have the ability to prevent logging of ActiveJob parameters.
class ChargeOrderJob < ApplicationJob
queue_as :default
# works on rails >= 6.1 only
self.log_arguments = false
def perform(order, pay_type_params)
order.charge!(pay_type_params)
end
end
It might be worth mentioning in the blurb on page 212 (noting that you need to be mindful of the entire chain of custody of sensitive data) or around the section on 232, that you need to beware of accidentally leaking sensitive parameters in plain text to ActiveJob.