Why Do I Have To Sign In?


The IWDW website requires registration and sign-in for these reasons:

  1. To minimize server load from bots, spiders, crawlers
  2. To reduce the security risks posed by hackers
  3. To help provide general usage information to the sponsors of the project

The Longer Story

Some pages on the website do not require sign-in, but many do. If the elements on a page (such as list boxes or data tables) require interaction with the database in order to retrieve data or metadata, then access to the page is generally restricted to signed-in users. This prevents automated bots and crawlers from triggering database actions and thus reduces load on the database servers. Many of the pages and tools on the website are data-intensive, so significant server load is caused by bots and crawlers alone. Requiring sign-in for these types of pages helps reduce this type of server load and improve website performance.

For example, simply visiting a page like the Database Query Wizard causes a backend database query to be executed in order to fill the list of available datasets that you see on the first tab of the Wizard. When an automated search or indexing "bot" visits the Query Wizard while doing a routine "crawl" of the website in order to update its indexes, it causes this backend database query to be executed in spite of the fact that the bot never "intends" to actually use or interact with the database. In the early days of the website this wasn't a huge issue because bot visitations were much less frequent. Nowadays however, bot visitations are much more frequent than ever before and generate a non-trivial volume of HTTP traffic and server load, especially while crawling data-intensive pages. Requiring sign-in for these pages - and thus selectively screening out bot traffic - has helped us reduce unnecessary database load by over 90%.

Another important reason for requiring sign-in is to reduce the impacts and security risks from hackers. The website is hosted on a university network with a lot of bandwidth and less security than most corporate networks, thus making it an attractive target for Bitcoin miners, content traffickers, file sharers, and penetration testers. Requiring sign-in enables us to significantly reduce the risk of SQL injection attacks, Distributed Denial of Service (DDOS) attacks, and other penetration-testing attempts that are often automated by both pros and script kiddies alike, most of whom are looking for an easy way to piggyback on University bandwidth and file system space. Again, requiring sign-in has allowed us to significantly reduce the impacts from these sorts of interactions.

Finally, but no less importantly, requiring a simple registration and sign-in procedure enables us to provide our project sponsors with useful traffic and usage data for the website. We only ask for a small amount of information when you register - your name, email address, and organizational affiliation. These basic data points provide important insights into the types of organizations that are using the website, which in turn helps us prioritize our development resources more strategically in order to refine and expand the resources found most valuable by the greatest number of users.

The Bottom Line

We understand that having to register and sign-in with any website is a hassle. Therefore, we've tried to make the registration process as easy and quick, and the sign-in process as context-sensitive and unobtrusive, as possible. The great majority of data and metadata provided by this website is considered public domain, but much of it requires a substantial amount of time and effort to organize and maintain, so your registration and sign-in helps us understand how to best apportion our development resources over time to improving the most frequently-used content and tools.

Thank you for your support and understanding.

-- The IWDW Development Team