Wedge

Nao · « on May 2nd, 2012, 07:26 PM »

If there's one type of error that really bothers me in the error log, it's the "Password incorrect" error...
I believe it is logged every time someone enters an incorrect password when logging in.
Because it's the kind of thing that really I couldn't care less about, I'd suggest that we only log these (or at least offer a setting to...) when there have been X consecutive failed password attempts. That would still take care of brute force attempt warnings, while still leaving admins in peace without the need to systematically check their error log only to find these errors...

I'm not sure there's even a system in place to allow for logging errors according to their gravity level.

billy2 · « Reply #1, on May 2nd, 2012, 07:37 PM »

Great.
That empties my error log. :)
I have a forum full of muppets with unmemorable passwords.

p.s where has the like button gone?

Nao · « Reply #2, on May 2nd, 2012, 07:39 PM »

It's not implemented yet, I just wanted to see opinions about it :)
And hopefully Pete will implement it before I do, because I'm awfully busy on tons of features at the same time, in case you didn't check out today's rev log ;)

The Like button is still here...? It's just hidden inside the Actions button in Mobile mode, if you're wondering.

billy2 · « Reply #3, on May 2nd, 2012, 07:44 PM »

iPad2
Only quote and report options in the action drop down
:hmm:

:P Avid reader of Revs. Don't understand much of what's posted though :sob:

Arantor · « Reply #4, on May 2nd, 2012, 07:51 PM »

I can't remember if likes was permission based or not, don't think it is though :/

Regarding errors, there's an interesting situation attached. After the third attempt, the session will notice and ask instead for username or email to remind you, so in theory bruteforcing is supposed to cap at 3 though it's possible to bypass that under certain circumstances... is a bit complicated.

I agree in principle that we can cut back on the 'password' errors (note that they have their own category now, heh) but not sure how best to do it.

billy2 · « Reply #5, on May 2nd, 2012, 07:55 PM »Last edited on May 2nd, 2012, 08:05 PM

Like button *was* visible to me.
Cannot put a day/time to that ~~statement~~

Nao · « Reply #6, on May 2nd, 2012, 09:33 PM »

Like button should show up in mobile mode now. This was a recent bug I fixed today.

Yeah I know passwords have their own category which is why I'm suggesting that admins could choose types of errors to log -- just like they can choose to disable 404s which have their own cat, it'd be nice to streamline all of this.

Arantor · « Reply #7, on May 2nd, 2012, 09:39 PM »

Choosing types to log is an interesting idea though I don't think I'd offer all types of error; I don't think I'd offer to hide plugin errors for example.

What I would be more inclined to do is figure out better ways to handle some of these; 404s need a proper option, sure, but password errors can be handled more gracefully, perhaps by logging the number of failures in the user's account and only notify the admin when a certain number of failures is hit (and then reset that on successful login and once the warning has been issued)

Nao · « Reply #9, on July 24th, 2012, 06:41 PM »

Perfect, thank you :)

Arantor · « Reply #10, on August 20th, 2012, 09:15 PM »

This is finished now, yes?

Nao · « Reply #11, on August 22nd, 2012, 03:34 PM »

Ah, yes, I believe I implemented that last month or so... 8-)

Wedge

Home

Login

Register

Nao

Logging password errors

billy2

Re: Logging password errors

Nao

Re: Logging password errors

billy2

Re: Logging password errors

Arantor

Re: Logging password errors

billy2

Re: Logging password errors

Nao

Re: Logging password errors

Arantor

Re: Logging password errors

Re: Logging password errors

Nao

Re: Logging password errors

Arantor

Re: Logging password errors

Nao

Re: Logging password errors