16
phiter
4y

I made a really cool animation for the login proccess. A spinning circle saying "authenticating" that would turn into a check mark after a successful login. All pretty, but the proccess is so fast the user wouldn't even see the animation. So I used setInterval so the animation always runs for 2 seconds after the ajax request is done.

Comments
  • 3
    Why did you use setInterval instead of setTimeout? 😀
  • 0
    @cahva just going to guess here. But to make sure it's actually loaded. Of course then if it doesn't you have to wait at least another 2 seconds so... idk anymore
  • 0
    I'm not sure if I used setTimeout
  • 5
    There was a study I read about that if a website takes longer to "authenticate" you, users trust it more (to a degree). Very interesting.
  • 0
    Its actually quite interesting issue securitywise as hackers can actually tell from the responsetime how close they are cracking the password so optimally password check from the serverside should always take the same time.

    For example if you set the time to be always 2000ms:
    - start timer
    - assert the password to db
    - stop timer
    - it takes 50ms
    - wait for 1950ms (2000-50)
    - send response

    Ofcourse if the password is correct, you can send the response immediately 😀
  • 1
    @cahva thats really weird. Why should a password have any bearing on how fast authentication occurs?
  • 0
    @tisaconundrum damn cant find that article anymore, maybe its a non-issue. It was something like a hacker can know how similar the tried password is depending the responsetime from the server.

    But ofcourse, adding delay on serverside is always the right way as it will make it harder to do bruteforce attack. Well not harder but more time consuming :)
Add Comment