In ELMAH with MVC 3, How can I hide sensitive form data from the error log?

Question

Here is the scenario...

User types his username. Types an \"incorrect\" password. Both username and password values are being passed to the Elmah error log via the

Answer 1

You can't do this unless you modify the source itself. You could certainly modify the configuration and add the notion of an "Excluded Form Elements" to that, then when the Error class copies the collection from the HttpContext, you can remove any items in that list.

Another alternative would be to use something else, obviously, that provides more explicit control over the logging process like EntLib or log4net. It's trivial to write a module or global exception handler to utilize either one of those tools. Moreover, they are relevant in scopes outside of web applications.