Error logging and failed authentication attempts
People make mistakes, and that is why we log every error that happens on Marela pages or in its API. I imagine most services that care about quality do more or less the same, since it is a great way to find bugs that have not yet been discovered.
There is an additional benefit when it comes to an API. You also get an insight into what developers would like to do and how they go about doing it. With a bit of care you may even correct badly designed calls before they get too widely adopted.
What may not be as obvious is that not all calls are equal and some of them probably need more careful reporting. A good example would be failed authentication attempts.
Marela is one of the services supported by Fotofox, a popular photo sharing Firefox add-on, which is great. However, support for multiple different services invariably leads to a problem where users send their usernames and passwords to the wrong site. We weren’t prepared for this, and our first reaction was simply to delete all such reports from our logs religiously, to rule out any possibility of abuse.
I think this was wrong, so we changed it. Probably the best way is to record failed authentication attempts the way Unix systems do: log just the username that was used in the attempt and whether it succeeded, while ignoring the provided password completely. This way we still obtain valuable information while protecting data that we clearly shouldn’t have access to.
This is of course just an example. My main point is that a sufficiently large API will have calls with different privacy needs and API designers should think carefully about what needs to be recorded in service logs and what mustn’t.
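As an added example of the logging policy described above (not code from Marela or Fotofox), the snippet below records a failed login the Unix way, username and outcome only, and applies a per-field redaction rule to a generic API error handler so that credential parameters never reach the log. The field names, the in-memory log handler and the sample request are all assumptions made for the example.

```python
import logging
import re

# Credential fields that must never be written to a service log, whatever the call (assumed names).
SECRET_FIELDS = {"password", "passwd", "secret", "api_key", "token"}

# Belt and braces: catch "password=..." fragments that slip into free-text error messages.
_SECRET_PATTERN = re.compile(r"(?i)\b(password|passwd|secret|api_key|token)=[^\s&;,]*")

def scrub_params(params):
    """Copy of request parameters with credential fields replaced by a marker."""
    return {k: ("<redacted>" if k.lower() in SECRET_FIELDS else v)
            for k, v in params.items()}

def auth_attempt_record(username, success, source_ip):
    """Unix-style auth record: who tried, from where, and whether it worked. No password."""
    outcome = "accepted" if success else "failed"
    return "auth %s for user=%r from %s" % (outcome, username, source_ip)

class RedactingFilter(logging.Filter):
    """Scrubs credential fragments from the formatted message of every record."""
    def filter(self, record):
        record.msg = _SECRET_PATTERN.sub(r"\1=<redacted>", record.getMessage())
        record.args = ()  # message is already formatted, so drop the original args
        return True

class ListHandler(logging.Handler):
    """Keeps formatted log lines in memory so the result can be inspected (stands in for a file)."""
    def __init__(self):
        super().__init__()
        self.lines = []
    def emit(self, record):
        self.lines.append(self.format(record))

def build_logger():
    logger = logging.getLogger("api.errors.demo")
    logger.handlers.clear()
    logger.propagate = False
    logger.setLevel(logging.INFO)
    handler = ListHandler()
    handler.addFilter(RedactingFilter())
    logger.addHandler(handler)
    return logger, handler

def handle_failed_login(logger, request_params, source_ip):
    """Error handler for the login call: log username and outcome, never the password."""
    logger.warning(auth_attempt_record(request_params.get("username", "?"), False, source_ip))
    # A generic API error handler might dump all parameters; scrub them before logging.
    logger.error("login call rejected, params=%s", scrub_params(request_params))

def demo():
    logger, handler = build_logger()
    # Constructed sample: a client sent credentials meant for another service.
    handle_failed_login(logger, {"username": "alice", "password": "hunter2"}, "192.0.2.10")
    logger.error("bad request: username=alice&password=hunter2")  # free-text slip-through
    return handler.lines
```

Running `demo()` returns three log lines, none of which contains the submitted password.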
Actually, the UNIX model doesn’t even require sending the password. It’s more of a challenge/response. Server sends you a token encrypted with your password, you decrypt it and send it back (or vice versa).
You should never be sending/storing the plaintext password, even over a secure connection. Dunno if you can do this from a browser though…
Comment by Peter Fein — April 6, 2007 @ 8:35 pm
I know. What I meant was that UNIX log files store only username (and some other data), but not a password.
Of course you’re right that you can build a service that doesn’t require sending plaintext password, but that wouldn’t necessarily mean that someone wouldn’t.
Comment by markos — April 6, 2007 @ 8:39 pm