
Sleeping a thread in ASP.NET?

Can someone give me some guidance on this?

I am implementing a system where if a user fails the login, I am doing
a thread.sleep(random number).

If I returned the page right away, you could write a script to try many
username/password combos per second. Using this, it will slow down the
person by making them wait at least a few seconds for a bad
username/password.

I am also implementing some other features like a CAPTCHA image and
other stuff I won't bother listing. But what I am wondering is what
impact this will have on the performance of my application.

For the X seconds that the thread is sleeping, it won't be able to
process incoming requests. Is there a chance that other requests will
have been queued up for this thread and will basically be blocked by
the sleep command?

Nov 19 '05 #1
Yes, this could cause blocking problems (since there are a limited number of
threads) so I wouldn't recommend it.
It also wouldn't achieve your goal since incoming requests are processed by
different threads.

I'd suggest a more conventional approach such as locking the account
(temporarily?) if too many invalid login attempts are made.

--
I hope this helps,
Steve C. Orr, MCSD, MVP
http://SteveOrr.net

Nov 19 '05 #2
Steve,

So I guess if the hacker was spawning a bunch of threads you are right,
that it would be the same if they have 1 process hitting the login page
10 times / second, or 100 threads hitting the page 1 / 10 seconds, it
would still be 10 hits / second on avg.

Thanks for the advice!

Nov 19 '05 #3
It will likely cause threading problems for you; the worker process only has
so many threads to use at any time and you're effectively locking them up.

Try instead ending the session and adding the IP to a list of locked IPs.
In session start check if the IP of the requester is in the list and if it
is then reject the request. You could try sending a response.redirect to
the browser on a failed attempt to delay the requester even further.

--
Regards

John Timney
ASP.NET MVP
Microsoft Regional Director


Nov 19 '05 #4
> So I guess if the hacker was spawning a bunch of threads you are right,
> that it would be the same if they have 1 process hitting the login page
> 10 times / second, or 100 threads hitting the page 1 / 10 seconds, it
> would still be 10 hits / second on avg.

Here's an example your application could emulate, from the Windows NT / 2000
/ XP / 2003 Group Policy Editor:

# of invalid logon attempts before disabling the user account: 3

So I, as the malicious user, try this:

Username: MLabosh
Password: 123

[fails on invalid password]

Username: MLabosh
Password: 456

[fails on invalid password]

Username: MLabosh
Password: 789

[fails on invalid password]
[account locked out]

Username: MLabosh
Password: WXJ45_*b; [correct password]

[Access denied: Too many invalid logon attempts]
--
Peace & happy computing,

Mike Labosh, MCSD

"Mr. McKittrick, after very careful consideration, I have
come to the conclusion that this new system SUCKS."
-- General Barringer, "War Games"

Nov 19 '05 #5
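
The lockout approach suggested in the replies above (a failure threshold with a temporary lock, keyed by account name or client IP), as an added example that is not code from any poster in this thread. `LoginThrottle`, its method names and the 15-minute lockout are assumptions; the threshold of 3 and the `MLabosh` sequence follow the last reply.

```csharp
using System;
using System.Collections.Generic;

// Added example: counts failed logins per key (user name or client IP); no thread ever sleeps.
public sealed class LoginThrottle
{
    private sealed class Entry { public int Failures; public DateTime LockedUntilUtc; }
    private readonly Dictionary<string, Entry> _entries =
        new Dictionary<string, Entry>(StringComparer.OrdinalIgnoreCase);
    private readonly object _gate = new object(); // requests arrive on different threads
    private readonly int _maxFailures;
    private readonly TimeSpan _lockout;

    public LoginThrottle(int maxFailures, TimeSpan lockout)
    { _maxFailures = maxFailures; _lockout = lockout; }

    // Check before verifying the password: a locked key is refused even if the password is right.
    public bool IsLocked(string key, DateTime nowUtc)
    {
        Entry e;
        lock (_gate) return _entries.TryGetValue(key, out e) && nowUtc < e.LockedUntilUtc;
    }

    // Record a password check result. Returns true when this failure triggers the lockout.
    public bool Record(string key, bool success, DateTime nowUtc)
    {
        lock (_gate)
        {
            if (success) { _entries.Remove(key); return false; }
            Entry e;
            if (!_entries.TryGetValue(key, out e)) _entries[key] = e = new Entry();
            if (++e.Failures < _maxFailures) return false;
            e.Failures = 0; // counter restarts once the lockout window has passed
            e.LockedUntilUtc = nowUtc + _lockout;
            return true;
        }
    }
}
public static class Demo
{
    public static void Main()
    {
        var throttle = new LoginThrottle(3, TimeSpan.FromMinutes(15)); // 15 minutes is assumed
        DateTime now = new DateTime(2005, 11, 19, 12, 0, 0, DateTimeKind.Utc); // constructed clock
        foreach (string guess in new[] { "123", "456", "789" })
            Console.WriteLine("{0} -> lockout triggered: {1}", guess, throttle.Record("MLabosh", false, now));
        Console.WriteLine("locked now: {0}", throttle.IsLocked("MLabosh", now));
        Console.WriteLine("locked 16 min later: {0}", throttle.IsLocked("MLabosh", now.AddMinutes(16)));
    }
}
```

In a login handler, call `IsLocked` before the password check and `Record` after it. Entries are never evicted in this sketch, so a deployed version needs an expiry sweep or a size cap on the dictionary.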
