Turn filter_parameter_logging on by default for password and password_confirmation and remove contentless comments

railties/lib/rails/generators/rails/app/templates/app/controllers/application_controller.rb

@@ -2,9 +2,7 @@
 # Likewise, all the methods added will be available for all controllers.
 
 class ApplicationController < ActionController::Base
-  helper :all # include all helpers, all the time
-  protect_from_forgery # See ActionController::RequestForgeryProtection for details
-
-  # Scrub sensitive parameters from your log
-  # filter_parameter_logging :password
+  helper :all
+  protect_from_forgery
+  filter_parameter_logging :password, :password_confirmation
 end