On Wednesday, June 24, 2015 at 6:37:14 PM UTC-4, raould wrote: > > > 350ms sounds fast enough for a low-frequency user interaction. In fact, > once > > login is fast enough not to annoy your users, you don't *want* any more > > speed from it, as further speedup then only benefits blackhats trying to > > brute-force one of your users' accounts. So, it might be a feature, not > a > > bug. > > Those seem like really weird statements to me. :-) > > a) I thought it was 250 msec as the upper abound for things feeling > snappy. Tho others apparently say 100 msec or less. > > http://stackoverflow.com/questions/536300/what-is-the-shortest-perceivable-application-response-delay > >
That would apply to common actions like typing and entering. Login being slower than that isn't likely to be as much of a bother as you likely only do it infrequently, maybe as much as once a day if you're paranoid and clear cookies nightly. > b) If anybody is relying on 350 msec vs. e.g. 100 msec as some grand > solution to black hats brute forcing logins, I strongly suspect they > are doing it very wrong. > Relying on? No. But every little bit helps, and making it less economical to do bad things can have big breakpoints where an incremental additional difference turns mild badguy profits into mild losses. -- You received this message because you are subscribed to the Google Groups "Clojure" group. To post to this group, send email to clojure@googlegroups.com Note that posts from new members are moderated - please be patient with your first post. To unsubscribe from this group, send email to clojure+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/clojure?hl=en --- You received this message because you are subscribed to the Google Groups "Clojure" group. To unsubscribe from this group and stop receiving emails from it, send an email to clojure+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
