You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Dec 5, 2022. It is now read-only.
We should not spam the log with WARNINGS about client's missing permissions. I propose changing these log lines to "INFO" and delete some places (e.g. if no auth was given).
The text was updated successfully, but these errors were encountered:
I am not sure why we want to alter WARN to INFO here? According to our internal Logging guidelines, we have to log it either with WARNING (an error occured but we could handle it somehow) or not log it at all which could be a problem security wise (to detect anomalies).
I think it's discussible whether an "error occured" --- all spiders/crawlers around the world will attempt requests without authorization, i.e. it's no error, but usually behavior.
Logging as INFO still makes anomaly detection possible (also number of successful logins can be tracked).
We should not spam the log with WARNINGS about client's missing permissions. I propose changing these log lines to "INFO" and delete some places (e.g. if no auth was given).
The text was updated successfully, but these errors were encountered: