Hi all and thanks for the answers. The client took changed the requirement to logging the username / timestamp / login outcome. I'm sorry but I still haven't found the reasoning behind the requirement, when I do find out I will come back with an update.
In any case, I'll try to communicate through my manager that attempted usernames might actually be or contain the password (or a mistyped password). Irrespective of the specific case, retention and logging of this kind of data sure opens a lot of security issues and needs to be handed carefully. Thanks again. On Tue, Jan 15, 2013 at 10:56 AM, Fabrizio Giudici < [email protected]> wrote: > On Mon, 14 Jan 2013 23:16:56 +0100, Ryan Schipper <[email protected]> > wrote: > > > think of a very good reason not to track it: mistyped passwords. >> > > ... and as it has been already said, the fact that sometimes you swap your > username with the password. Which means that it's not only the password > that creates a problem when ends up in the log, but even the account name. > > It's absolutely funny that you use hashes for building a system where > nobody but the user knows the password, and then the password ends up in a > log. > > > -- > Fabrizio Giudici - Java Architect @ Tidalwave s.a.s. > "We make Java work. Everywhere." > http://tidalwave.it/fabrizio/**blog <http://tidalwave.it/fabrizio/blog> - > [email protected] > > -- > You received this message because you are subscribed to the Google Groups > "Java Posse" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to javaposse+unsubscribe@** > googlegroups.com <javaposse%[email protected]>. > For more options, visit this group at http://groups.google.com/** > group/javaposse?hl=en <http://groups.google.com/group/javaposse?hl=en>. > > -- Sent from my iPhone -- You received this message because you are subscribed to the Google Groups "Java Posse" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/javaposse?hl=en.
