search

AlyceBrady / ramp

Record and Activity Management Program (temporarily combined with SMART: Software for Managing Academic Records and Transcripts)
BSD 2-Clause "Simplified" License
3 stars 11 forks source link

Logging or audit trails for database transactions #15

Open AlyceBrady opened 11 years ago

AlyceBrady commented 11 years ago

Log database transactions for auditing.

AlyceBrady commented 10 years ago

Have added some initial, experimental code for logging authentication attempts (successful and unsuccessful), but it is not currently being used because application.ini has the logPath commented out. Key decisions: should logging be to a file or to the database, should there be a different log for authentication attempts than for database modifications (or a different log for base authentication info -- succeeded/failed -- and for detailed messages for failed authentication), where should database logging be inserted?

Brief experiment was to log all authentication messages to a single file, but that did not work because file permissions were not correct. What should file permissions be? Where should it be? How is privacy ensured? (Similar questions arise for database backups, unless encrypted.)