This has been a draft for a while, so things are probably outdated but I’m still wondering about this, so here goes…
I have been doing a lot more PHP lately than I have in a long while and that, plus the prospect of a pretty big project I will hopefully start on during the summer, made me think a bit about error reporting. I’m not talking about E_ALL vs E_, err, 0. I’m talking about what to tell the user when either (s)he or the application screws up.
As explaining is easier by example, here’s one: your application has a login section which grants access to who knows what. A user wants to log in, has the correct username but the wrong password. Do you simply tell them “invalid credentials” or is it something along the lines of “Sorry, $prettyusername, but the password you provided does not match the one in our database. You may try again[link to #login]. You can also recover your password[link to password recovery]”?
From where I stand, both have their up- and downsides. Just telling them they didn’t enter valid credentials isn’t anywhere near user-friendly, but if the user is someone who is trying to break into the application I don’t want to tell them anything.
So, what is more important, being friendly to your users or giving people that try to break in as little help as possible?
I usually just tell them “Could not log you in using those credentials” or something along those lines. Sure, it’s a bit more secure, but mainly I just find it less work and fewer resources. That’s the big reason.
I like to be as helpful as possible to the user and tell them exactly which part of their entries were in error. As a user who frequently forgets passwords to sites he doesn’t visit often, I find it unbelievably frustrating when I’m trying out user/password combos and the site’s just telling me, “Wrong answer. Wrong answer. Wrong answer” over and over without any details.
If my application is secure, then this shouldn’t be a problem–I also like to limit the number of login attempts as well, so even if someone is trying to guess the password, they only have a certain number of tries and then the site will just stop processing the requests.
Obviously if the problem is a technical one on the backend, like not being able to connect to the database, I wouldn’t give away key info. That’s what error logging is for–the error gets sent to me, and the user sees a pretty message that says something like, “Could not log in due to technical difficulties. Please stand by.”
Lately I’ve been looking into try/catch blocks and exceptions, since those seem like powerful tools to use. I hope to work on a larger sort of site during the next few months and push the limits of my PHP skills, especially when it comes to application design like this. 😀
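As an added example (not code from the post or from any commenter), here is one way to combine the points raised above: a capped number of attempts, backend failures sent to the log with only a "pretty message" for the user, and the same failure text for an unknown user and a wrong password. The function name, the constants, the attempt limit of 5 and the in-memory counter are assumptions made for illustration.

```php
<?php
// Added example: names, limits and the in-memory counter are assumptions.
const MAX_ATTEMPTS = 5;
const MSG_FAILED  = 'Could not log you in using those credentials.';
const MSG_LOCKED  = 'Too many failed attempts. Please try again later.';
const MSG_BACKEND = 'Could not log in due to technical difficulties. Please stand by.';

/**
 * $findHash: callable(string $username): ?string, may throw on backend failure.
 * $attempts: failed-attempt counters keyed by username (a real app would persist these).
 * Returns [bool $ok, string $messageForUser].
 */
function attemptLogin(callable $findHash, array &$attempts, string $username, string $password): array
{
    $key = strtolower($username);
    if (($attempts[$key] ?? 0) >= MAX_ATTEMPTS) {
        return [false, MSG_LOCKED];            // stop processing further guesses
    }
    try {
        $hash = $findHash($username);
    } catch (Throwable $e) {
        // The technical detail goes to the log; the user only sees MSG_BACKEND.
        error_log('login backend failure: ' . $e->getMessage());
        return [false, MSG_BACKEND];
    }
    // Verify against a dummy hash for unknown users so both paths do similar work.
    static $dummy = null;
    $dummy ??= password_hash('dummy-password', PASSWORD_DEFAULT);
    $matches = password_verify($password, $hash ?? $dummy);
    if ($hash === null || !$matches) {
        $attempts[$key] = ($attempts[$key] ?? 0) + 1;
        // json_encode keeps a hostile username from injecting extra log lines.
        error_log('login failed for ' . json_encode($username) . ': '
            . ($hash === null ? 'unknown user' : 'bad password'));
        return [false, MSG_FAILED];            // same text for both causes
    }
    unset($attempts[$key]);                    // reset the counter on success
    return [true, 'Welcome back.'];
}

// Constructed sample data, not from the post.
$users    = ['alice' => password_hash('correct horse', PASSWORD_DEFAULT)];
$find     = fn(string $u): ?string => $users[strtolower($u)] ?? null;
$attempts = [];
$wrongPw  = attemptLogin($find, $attempts, 'alice', 'wrong');
$noUser   = attemptLogin($find, $attempts, 'nobody', 'wrong');
var_dump($wrongPw[1] === $noUser[1]);          // identical user-facing message
var_dump(attemptLogin($find, $attempts, 'alice', 'correct horse')[0]);
```

The log line still records which part failed, so the site owner keeps the detail that the user-facing message withholds.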