CiviCRM Community Forums (archive)

This forum was archived on 25 November 2017.





geilhufe

Sandbox: Probing for weaknesses alert... are we being friendly to new users?
July 22, 2008, 03:11:13 pm

I've been using the sandbox and I keep getting an alert box:
"Seems like you are probing the system for weakness, are you?"

No clue why this is showing up, and the message doesn't even tell me why it is showing up, but I can imagine it will cause a few newbie users heart attacks.

Can we deliver an alert message that encourages people to use the system rather than discourages them from using the system because the software is telling them in no uncertain terms they are probably doing something bad, but since the user has no idea what is going on, the only logical way to stop doing the bad thing is to stop using the software.

The only replicable case I can come up to generate the warning is using the browser back button in a multi-step form. If we don't want users to use the back button, we could offer a message like "CiviCRM works better if you use the continue and back buttons at the bottom of the screen rather than the browser back button."

<fussy, ignorable user post>

Let's review how many ways this violates Jakob Nielsen's error message guidelines http://www.useit.com/alertbox/20010624.html:

  • "Explicit indication that something has gone wrong."  --  "seems like" is generally not a very explicit phrase
  • "Human-readable language" --  Actually this is very human readable, so that is good.
  • "Polite phrasing that doesn't blame users or imply that they are either stupid or doing something wrong"  --  Big F grade on that one
  • "Precise descriptions of exact problems, rather than vague generalities"  --  D+ at best
  • "Constructive advice on how to fix the problem"  --  Another F grade.

</fussy, ignorable user post>

<attempt to make sure developers will still talk to me>

I still believe Nick Lewis's quote:
"CiviCRM is maybe the only module I know of that could create an industry of consultants all by itself. Moreover, the people who run the project are -- as far as I know -- the most responsive team in the entire industry. If you mention them anywhere on the public internet, you can rest assured they will hear you in 2-5 hours."

</attempt to make sure developers will still talk to me>

Drupal and CiviCRM consulting, strategy and configuration
http://www.social-source.com/

Donald Lobo

Re: Sandbox: Probing for weaknesses alert... are we being friendly to new users?
July 22, 2008, 05:59:53 pm

We are waiting on an upstream fix for this (http://php-ids.org/), hence those "awful" warning messages. We are still experimenting with that package, and the sandbox is a good place to experiment :)

We need to do a fair amount of work to integrate that completely, but we need to first determine how useful it is :)

lobo
A new CiviCRM Q&A resource needs YOUR help to get started. Visit our StackExchange proposed site, sign up and vote on 5 questions

MacRonin

Re: Sandbox: Probing for weaknesses alert... are we being friendly to new users?
July 23, 2008, 07:59:42 am
Yes, that error msg does sound uninformative and "awful" :-), but the idea of integrating some kind of application firewall does sound good. The CiviCRM user sites would have all sorts of user data in them that many could be interested in "acquiring". I am pretty sure that it is just for Apache (no IIS), but has mod_security (http://www.modsecurity.org/) been investigated? I believe that it is rather popular, and the main thing that I think it would need is a ruleset of what parameters are valid in the various section URLs.
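A sketch of the per-URL parameter allowlist suggested above, as an added example that is not from this thread, from CiviCRM or from the ModSecurity project: one positive-security rule for one page, run in detection-only mode so false positives (such as the browser back button case earlier in the thread) are only logged while the approach is being evaluated. The URL path, the parameter names and the rule id are assumptions standing in for a real inventory of valid parameters.

```apache
# Constructed example for ModSecurity 2.x under Apache (not CiviCRM's own config).
# The path /civicrm/contact/view and the parameter names q, reset, cid, snippet
# are assumed placeholders; a real ruleset needs one such rule per section URL.

# While evaluating, log matches without blocking, so a false positive only
# shows up in the audit log instead of in front of a new user.
SecRuleEngine DetectionOnly

# Phase 2 runs after the request body is parsed, so ARGS_NAMES covers both
# GET and POST parameters. The first rule selects the contact-view page; the
# chained rule fires if any parameter name falls outside that page's allowlist
# (a negated operator on a collection matches when at least one member fails).
SecRule REQUEST_URI "@beginsWith /civicrm/contact/view" \
    "id:900001,phase:2,chain,deny,status:403,log,\
     msg:'Unexpected parameter on contact view page'"
    SecRule ARGS_NAMES "!@rx ^(?:q|reset|cid|snippet)$" "t:none"

# When blocking is eventually switched on (SecRuleEngine On), serve a
# plain-language page instead of a bare 403; the page itself is assumed.
ErrorDocument 403 /civicrm-request-blocked.html
```

Switching SecRuleEngine to On without first reviewing the audit log for rule 900001 would reintroduce exactly the kind of unexplained block the thread complains about.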

Donald Lobo

Re: Sandbox: Probing for weaknesses alert... are we being friendly to new users?
July 23, 2008, 12:10:51 pm

No, we have not investigated mod_security. It would be great if you could do so and give us the pros/cons of mod_security vs php-ids.

Note that mod_security is at the webserver level and most of our users do not control their webserver, so there is less probability of us going down that road.

lobo