This is a principle or a set of principles. To view all principles, please see the Principle Category page.
Log All user access (IP, Username, Time, web requests, etc.).
If you do this, then someday when your application/site is down/hacked you can trace the culprit and check what went wrong.
You may ask, if the user uses a proxy, though it will help. As "what happened" is logged and the exploit can be fixed more easily.