Comments on: Error reporting http://blog.jorygeerts.com/2007/12/29/error-reporting/ Just another WordPress weblog, or something like that Sun, 16 May 2010 16:52:11 +0000 hourly 1 http://wordpress.org/?v=3.0 By: Ben Babcock http://blog.jorygeerts.com/2007/12/29/error-reporting/comment-page-1/#comment-5067 Ben Babcock Fri, 25 Jan 2008 13:04:17 +0000 http://blog.jorygeerts.com/2007/12/29/error-reporting/#comment-5067 I like to be as helpful as possible to the user and tell them exactly which part of their entries were in error. As a user who frequently forgets passwords to sites he doesn't visit often, I find it unbelievably frustrating when I'm trying out user/password combos and the site's just telling me, "Wrong answer. Wrong answer. Wrong answer" over and over without any details. If my application is secure, then this shouldn't be a problem--I also like to limit the number of login attempts as well, so even if someone is trying to guess the password, they only have a certain number of tries and then the site will just stop processing the requests. Obviously if the problem is a technical one on the backend, like not being able to connect to the database, I wouldn't give away key info. That's what error logging is for--the error gets sent to me, and the user sees a pretty message that says something like, "Could not log in due to technical difficulties. Please stand by." Lately I've been looking into try/catch blocks and exceptions, since those seem like powerful tools to use. I hope to work on a larger sort of site during the next few months and push the limits of my PHP skills, especially when it comes to application design like this. :D I like to be as helpful as possible to the user and tell them exactly which part of their entries were in error. As a user who frequently forgets passwords to sites he doesn’t visit often, I find it unbelievably frustrating when I’m trying out user/password combos and the site’s just telling me, “Wrong answer. Wrong answer. Wrong answer” over and over without any details.

If my application is secure, then this shouldn’t be a problem–I also like to limit the number of login attempts as well, so even if someone is trying to guess the password, they only have a certain number of tries and then the site will just stop processing the requests.

Obviously if the problem is a technical one on the backend, like not being able to connect to the database, I wouldn’t give away key info. That’s what error logging is for–the error gets sent to me, and the user sees a pretty message that says something like, “Could not log in due to technical difficulties. Please stand by.”

Lately I’ve been looking into try/catch blocks and exceptions, since those seem like powerful tools to use. I hope to work on a larger sort of site during the next few months and push the limits of my PHP skills, especially when it comes to application design like this. :D

]]> By: Dennis http://blog.jorygeerts.com/2007/12/29/error-reporting/comment-page-1/#comment-4934 Dennis Sun, 30 Dec 2007 02:31:46 +0000 http://blog.jorygeerts.com/2007/12/29/error-reporting/#comment-4934 I usually just tell them "Could not log you in using those credentials" or something along those lines. Sure, it's a bit more secure, but mainly I just find it less work and less resources. That's the big reason. I usually just tell them “Could not log you in using those credentials” or something along those lines. Sure, it’s a bit more secure, but mainly I just find it less work and less resources. That’s the big reason.

]]>