Bug #21245
closed
Improve "Login not possible" message, if login fails although username and password were correct
Added by Philipp Metzler over 14 years ago.
Updated almost 9 years ago.
Category:
Backend User Interface
Sprint Focus:
Remote Sprint
Description
Hi,
If there's no free disk space left then you can't log in to Typo3 anymore. It tells you to check username and password but it should display a message: "No free disk space available! You can login if there is at least X MB free disk space available."
At the moment this message is displayed:
Your login attempt did not succeed. Make sure to spell your username and password correctly, including upper/lowercase characters.
Philipp
(issue imported from #M12198)
seems to be solved in Typo3 4.2.9
Resolved with fixed in 4.2.9 as requested by reporter.
hi,
there's no hint that no disk space is left and that the login doesn't work because of that specific reason. a user confronted with this error may first assume that the site might have been hacked, will reset passwords, then tries to roll back to the latest backup, etc. eventually he finds out that there's a problem with the disk space. so it's not the most obvious reason. as quotas are quite common in shared environments IMHO a friendly message about the reason would be very nice.
merry x-mas!
philipp
Hi,
there are so many cases... I think there should perhaps be a general information like "Your session could not be created. Please contact your administrator."
Not only "no space left" would be a message. Think about:
"your cpu has a problem, sorry, you cannot login to TYPO3"
"your ram has a problem, sorry, you cannot login to TYPO3"
"your mainboard looks bad, sorry, you cannot login to TYPO3"
"It is snowing, sorry, but you cannot login to TYPO3 with snow" :-)
...
That's not part of TYPO3 I think. But a much more general information should be displayed if the username and password were correct but he cannot log in.
That would be a good solution I think.
Sven
I think it's hard to identify the problem.
Is it the be_session record in the database, which cannot be created? Dunno, if the result of the DB INSERT is checked.. maybe otherwise an error message should be shown (not that the disk is probably full, but at least that the record couldn't be created).
ok i see. yes - it would be very helpful to know at least that the username / password is correct! but is it that hard to check for any diskspace left? i mean - typo3 writes temporary files (to caches) all the time. so if the login fails, but username/password are correct typo3 could write a small file to a directory that must be writeable and if that fails it's very likely that no diskspace is left anymore. if that directory has wrong rights the user can be warned as well. just an idea - i assume that there are other cases that one must consider.
Not really... TYPO3 writes into the database. The mysql server instead has to log that there is no space left to write something in the database tables.
TYPO3 should give out an error like I wrote so that you know (or your backend user) that they have to inform the administrator to look because they did all right. Think about a normal backend user. What should he do if he gets "disk full"? He cannot do anything and perhaps he shouldn't know that the administrator cannot look for enough free disk space. ;-)
BTW: Did you ever try to restart a machine with a full disk? :-)
I read a similar bug report not so long ago. I understand that it's hard to track down that the disc is the cause. We can't even say that it's the disc (EDIT: DB might be different machine), we can only say that the DB record wasn't written, because of whatever reason. Might be that the be_sessions table doesn't even exist. I think at least in this case, we should throw an error.
- Category set to Backend User Interface
- Status changed from Needs Feedback to New
- Target version deleted (0)
- Assignee set to Mathias Schreiber
- Target version set to 7.1 (Cleanup)
- Is Regression set to No
- Sprint Focus set to Remote Sprint
- Target version changed from 7.1 (Cleanup) to 7.4 (Backend)
We should display only the generic error message, more information can be logged into sys_log or anywhere else, but should not be displayed in the public error message.
Too much information can help attackers to identify vulnerabilities and to make targeted attacks (information disclosure).
I would prefer to not change anything here and close this issue.
- Status changed from New to Rejected
If no free disk space is available, logging to filesystem or DB (on same server) is not possible.
So we decided to close this issue now.
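The approach discussed in this thread, as an added illustration (not TYPO3 code and not written by any participant): check the result of the session write, show only a generic message, and send the cause to the server log. The `users` table, `makeDb()`, `login()` and the reference id are assumptions made for the example; only the `be_sessions` table name and the two message texts come from the thread.

```php
<?php
// Added illustration, not TYPO3 code. The schema is constructed for the example;
// only the be_sessions table name and the two messages come from the thread.
const MSG_CREDENTIALS = 'Your login attempt did not succeed. Make sure to spell your username and password correctly, including upper/lowercase characters.';
const MSG_SESSION = 'Your session could not be created. Please contact your administrator.';

// Build an in-memory database; omitting be_sessions simulates the failed write.
function makeDb(bool $withSessionTable): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT)');
    $stmt = $db->prepare('INSERT INTO users VALUES (?, ?)');
    $stmt->execute(['editor', password_hash('correct horse', PASSWORD_DEFAULT)]);
    if ($withSessionTable) {
        $db->exec('CREATE TABLE be_sessions (ses_id TEXT PRIMARY KEY, username TEXT)');
    }
    return $db;
}

function login(PDO $db, string $user, string $password): array
{
    $stmt = $db->prepare('SELECT password_hash FROM users WHERE username = ?');
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn();
    // Unknown user and wrong password get the same message.
    if ($hash === false || !password_verify($password, $hash)) {
        return ['ok' => false, 'message' => MSG_CREDENTIALS];
    }
    try {
        // Check the result of the session write instead of assuming it worked.
        $ins = $db->prepare('INSERT INTO be_sessions (ses_id, username) VALUES (?, ?)');
        $ins->execute([bin2hex(random_bytes(16)), $user]);
    } catch (PDOException $e) {
        // The cause goes to the server log only. error_log() uses PHP's configured
        // destination, which can be syslog rather than a file on the same disk.
        $ref = bin2hex(random_bytes(4));
        error_log("login ref=$ref: session write failed: " . $e->getMessage());
        return ['ok' => false, 'message' => MSG_SESSION . " (Reference: $ref)"];
    }
    return ['ok' => true, 'message' => 'Logged in.'];
}

// Constructed cases: wrong password, working login, correct password but no be_sessions.
foreach ([[true, 'wrong'], [true, 'correct horse'], [false, 'correct horse']] as [$table, $pw]) {
    echo login(makeDb($table), 'editor', $pw)['message'], PHP_EOL;
}
```

The third case shows the generic session message with a reference id, while the database error text appears only in the server log.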