Do all the things like ++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatarSign Up
Why did you use setInterval instead of setTimeout? 😀
phiter28034yI'm not sure if I used setTimeout
A-C-E61094yThere was a study I read about that if a website takes longer to "authenticate" you, users trust it more (to a degree). Very interesting.
Its actually quite interesting issue securitywise as hackers can actually tell from the responsetime how close they are cracking the password so optimally password check from the serverside should always take the same time.
For example if you set the time to be always 2000ms:
- start timer
- assert the password to db
- stop timer
- it takes 50ms
- wait for 1950ms (2000-50)
- send response
Ofcourse if the password is correct, you can send the response immediately 😀
@tisaconundrum damn cant find that article anymore, maybe its a non-issue. It was something like a hacker can know how similar the tried password is depending the responsetime from the server.
But ofcourse, adding delay on serverside is always the right way as it will make it harder to do bruteforce attack. Well not harder but more time consuming :)
marodok21Boss: we need a html clone of our WordPress website, how many days do you need to recode? Me: Sure, I need a ...
sulemartin8714was at a hackathon, had to write an app that sent current location to emergency contact. hard coded the locati...
bilange14First time poster here. Please be nice :) My biggest workaround is one that's being currently deployed to 40 ...