sleep()

jc94062

I was just reading through a post earlier where an example was given, and I saw sleep(1) being used to stop the script for a second, apparently this has something to do with making it harder to hack?

Could anyone shed some light on why anyone would want to slow down their script? I spent a lot of time trying to speed them up :-)

brandonschnell

if the username/password are correct the script ends normally. otherwise the script waits for a second before requesting the username/password again. this will slow down a brute force hack trying every possible username/password.

the attacker could make multiple requests and try multiple combinations at a time, but each connection would require at least a second before the attacker would know if it suceeded. if you're using sessions there are better ways to prevent hacks such as this. logging every connection attempt and only allowing so many connections in a certain period of time from the same ip address can also slow down an attack.

jc94062

ah! I see, tkx.

Anon

I found this comment on the php site.

sleep() is useful as a hack delay. For example, in a login screen. Use sleep() when you have determined the username/password combination entered in a form is invalid. A sleep of a second is almost not noticable to the user, but frustrates a cracker trying to use brute force methods to gain access to your restricted area. Make sure you use sleep() before outputting any HTML, otherwise you may tip the cracker that the login failed before you enter sleep().