Why Do I Have To Sign In?
The Short Story
The FED website requires registration and sign-in for these reasons:
- To minimize server load from bots, spiders, crawlers
- To reduce the security risks posed by hackers
- To help provide general usage information to the sponsors of the project
The Longer Story
Some pages on the website do not require sign-in, but many do. If the elements on a page (such as list boxes or data tables) require interaction with the database in order to retrieve data or metadata, then access to the page is generally restricted to signed-in users. This prevents automated bots and crawlers from triggering database actions and thus reduces load on the database servers. Many of the pages
and tools on the website are data-intensive, so significant server load can be caused by bots and crawlers alone. Requiring sign-in for these types of pages helps reduce this type of server load and improve website performance.
For example, simply visiting a page like the Database Query Wizard causes a backend database query to be executed in order to fill the list of available datasets that you see on the first tab of the Wizard. When an automated search or indexing "bot" visits the Query Wizard while doing a routine "crawl" of the website in order to update its indexes, it causes this query to be executed in spite of the fact that the bot never "intends"
to actually use or interact with the database. In the early days of the website this wasn't a significant issue because bot visitations were much less frequent. Today, bot visitations are much more frequent than ever before and generate a non-trivial volume of HTTP traffic and server load, especially while crawling data-intensive pages. Requiring sign-in for these pages (thus screening out bot traffic) has helped us reduce unnecessary database server load by over 90%.
Another important reason for requiring registration and sign-in is to reduce the impacts and security risks from hackers. The website is hosted on a university network with higher bandwidth and less security than most corporate networks, thus making it an attractive target for malicious cryptojacking, content trafficking, file sharing, and penetration testing. Requiring sign-in enables us to significantly reduce the risk of SQL injection attacks, Denial of Service (DDOS) attacks,
and other penetration-testing attempts that are often automated by both pros and script kiddies alike, most of whom are looking for an easy way to piggyback on University bandwidth and file system space. Again, requiring sign-in has allowed us to significantly reduce the impacts from these sorts of interactions.
Finally, but no less importantly, requiring a simple registration and sign-in procedure enables us to provide our project sponsors with useful traffic and usage data for the website. We only ask for a small amount of information when you register - your name, email address, and organizational affiliation. These basic data points provide important insights into the types of organizations that are using the website, which in turn helps us prioritize our development resources more strategically in order to refine and expand the resources found most valuable by the greatest number of users.
The Bottom Line
We understand that having to register and sign-in with any website is a hassle. Therefore, we've tried to make both registration and sign-in as quick, easy, and unobtrusive as possible. The great majority of data and metadata provided by this website is considered public domain, but much of it requires a substantial amount of time and effort to organize and maintain,
so your registration and sign-in helps us understand how to best apportion our development resources over time to improve the most frequently-used content and tools.
Thank you for your support and understanding.
-- The FED Development Team