Wedge

Topic started by: Nao on May 2nd, 2012, 07:26 PM

Title: Logging password errors
Post by: Nao on May 2nd, 2012, 07:26 PM
If there's one type of error that really bothers me in the error log, it's the "Password incorrect" error...
I believe it is logged every time someone enters an incorrect password when logging in.
Because it's the kind of thing that I really couldn't care less about, I'd suggest that we only log these (or at least offer a setting to...) when there have been X consecutive failed password attempts. That would still take care of brute force attempt warnings, while still leaving admins in peace without the need to systematically check their error log only to find these errors...

I'm not sure there's even a system in place to allow for logging errors according to their gravity level.
Title: Re: Logging password errors
Post by: billy2 on May 2nd, 2012, 07:37 PM
Great.
That empties my error log. :)
I have a forum full of muppets with unmemorable passwords.

P.S. Where has the like button gone?
Title: Re: Logging password errors
Post by: Nao on May 2nd, 2012, 07:39 PM
It's not implemented yet, I just wanted to see opinions about it :)
And hopefully Pete will implement it before I do, because I'm awfully busy on tons of features at the same time, in case you didn't check out today's rev log ;)

The Like button is still here...? It's just hidden inside the Actions button in Mobile mode, if you're wondering.
Title: Re: Logging password errors
Post by: billy2 on May 2nd, 2012, 07:44 PM
iPad2
Only quote and report options in the action drop down
 :hmm:

 :P Avid reader of Revs. Don't understand much of what's posted though :sob:
Title: Re: Logging password errors
Post by: Arantor on May 2nd, 2012, 07:51 PM
I can't remember if likes was permission based or not, don't think it is though :/

Regarding errors, there's an interesting situation attached. After the third attempt, the session will notice and ask instead for username or email to remind you, so in theory bruteforcing is supposed to cap at 3 though it's possible to bypass that under certain circumstances... it's a bit complicated.

I agree in principle that we can cut back on the 'password' errors (note that they have their own category now, heh) but not sure how best to do it.
Title: Re: Logging password errors
Post by: billy2 on May 2nd, 2012, 07:55 PM
Like button *was* visible to me.
Cannot put a day/time to that statement
Title: Re: Logging password errors
Post by: Nao on May 2nd, 2012, 09:33 PM
Like button should show up in mobile mode now. This was a recent bug I fixed today.

Yeah I know passwords have their own category which is why I'm suggesting that admins could choose types of errors to log -- just like they can choose to disable 404s which have their own cat, it'd be nice to streamline all of this.
Title: Re: Logging password errors
Post by: Arantor on May 2nd, 2012, 09:39 PM
Choosing types to log is an interesting idea though I don't think I'd offer all types of error; I don't think I'd offer to hide plugin errors for example.

What I would be more inclined to do is figure out better ways to handle some of these; 404s need a proper option, sure, but password errors can be handled more gracefully, perhaps by logging the number of failures in the user's account and only notifying the admin when a certain number of failures is hit (and then resetting that on successful login and once the warning has been issued).
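
The per-account counter described in the post above, sketched as an added example (not Wedge code and not written by anyone in this thread). The class name, the threshold of 3, the log line format and the sample events are all assumptions made for illustration.

```python
# Added illustration; not Wedge code. All names and the threshold are assumptions.

class FailedLoginTracker:
    """Counts consecutive password failures per account, warns once per threshold."""

    def __init__(self, threshold=3):
        self.threshold = threshold  # assumed; the thread only says "a certain number"
        self.failures = {}          # account -> consecutive failures since last reset
        self.admin_log = []         # the only entries an admin has to read

    def record_failure(self, account, ip, when):
        """Return True if this failure produced an admin warning."""
        count = self.failures.get(account, 0) + 1
        if count < self.threshold:
            self.failures[account] = count  # below threshold: count it, log nothing
            return False
        self.admin_log.append(
            f"{when} account={account} failures={count} last_ip={ip}")
        self.failures.pop(account, None)    # reset once the warning has been issued
        return True

    def record_success(self, account):
        self.failures.pop(account, None)    # reset on successful login


# Constructed sample events: (timestamp, account, source IP, password_ok)
SAMPLE_EVENTS = [
    ("2012-05-02T19:26:01", "user_a", "192.0.2.10", False),    # typo
    ("2012-05-02T19:26:09", "user_a", "192.0.2.10", False),    # typo
    ("2012-05-02T19:26:20", "user_a", "192.0.2.10", True),     # success resets
    ("2012-05-02T19:30:00", "user_b", "198.51.100.7", False),
    ("2012-05-02T19:30:01", "user_b", "198.51.100.7", False),
    ("2012-05-02T19:30:02", "user_b", "198.51.100.8", False),  # warning 1
    ("2012-05-02T19:30:03", "user_b", "198.51.100.8", False),
    ("2012-05-02T19:30:04", "user_a", "192.0.2.10", False),    # starts again at 1
    ("2012-05-02T19:30:05", "user_b", "198.51.100.9", False),
    ("2012-05-02T19:30:06", "user_b", "198.51.100.9", False),  # warning 2
]

def replay(events, threshold=3):
    """Feed events through a fresh tracker and return it for inspection."""
    tracker = FailedLoginTracker(threshold)
    for when, account, ip, ok in events:
        if ok:
            tracker.record_success(account)
        else:
            tracker.record_failure(account, ip, when)
    return tracker

if __name__ == "__main__":
    print("\n".join(replay(SAMPLE_EVENTS).admin_log))
```

Eight failed logins in the sample produce two admin log lines, both for the account that keeps failing; the user who mistypes twice and then logs in never appears.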
Title: Re: Logging password errors
Post by: Arantor on July 23rd, 2012, 02:35 AM
r1644 adds in an option for this. I couldn't think of a more reliable method that would actually stand up to scrutiny and in the meantime this'll do.
Title: Re: Logging password errors
Post by: Nao on July 24th, 2012, 06:41 PM
Perfect, thank you :)
Title: Re: Logging password errors
Post by: Arantor on August 20th, 2012, 09:15 PM
This is finished now, yes?
Title: Re: Logging password errors
Post by: Nao on August 22nd, 2012, 03:34 PM
Ah, yes, I believe I implemented that last month or so... 8-)