This is a principle or a set of principles. To view all principles, please see the Principle Category page.
Log All user access (IP,Username,Time ,web request etc..).
If you do this ,then someday when your application /site is down/hacked you can trace the culprit and check what went wrong.
You may ask , if the user uses an proxy , Though it will help. As "what happened" is logged and the exploit can be fixed more easily.