
username availability security concerns

In a registration form I have, I put an AJAX call to check if the username is available.

However, I am concerned that this opens up the system for a bot checking for valid usernames.

How can I secure the service from external calls?

Thanks

How can I secure the service from external calls?

Well... ANY user trying to register would be an "external call"!

I don't see how username checking would be a security risk. A bot could just register as fsdjiojiejfio and be pretty darn sure nobody took that before.

I would rather invest time into securing the registration process so that bots cannot register, even with a valid username.

I presume your concern is that allowing "is this username available?" checks would allow someone with nefarious intent to only have to guess a password to log in, rather than having to guess a username as well. I think that's a valid concern, though I'm not sure I would worry myself overly about it.

The only secure way around this issue, I think, would be to require a captcha before you get to the registration page.
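
One way to apply the captcha suggestion above to the AJAX check itself, as an added example that is not part of the original thread: the endpoint answers only for a session that has passed a captcha, and only a few times before asking for a new one. The function names, session fields, username pattern and the per-session lookup budget (which goes beyond what the answer proposes) are assumptions.

```javascript
// Added example: gate the "is this username available?" AJAX endpoint on a
// captcha-verified session. All names here are hypothetical.
const MAX_LOOKUPS_PER_SESSION = 5; // assumed budget, tune for your form

// Constructed sample data standing in for the user table.
const takenUsernames = new Set(['alice', 'bob']);

// Called by the page that serves the captcha, after the captcha provider
// has confirmed the answer server-side (verification itself is out of scope).
function markCaptchaPassed(session) {
  session.captchaPassed = true;
  session.lookups = 0;
}

// Core decision for the availability endpoint. Returns an HTTP-like result
// so it can be wired into any framework's route handler.
function checkAvailability(session, rawUsername) {
  if (!session || session.captchaPassed !== true) {
    // No captcha on this session: refuse without touching the user table.
    return { status: 403, body: { error: 'captcha_required' } };
  }
  if (session.lookups >= MAX_LOOKUPS_PER_SESSION) {
    // Budget spent: force a new captcha before answering again.
    session.captchaPassed = false;
    return { status: 429, body: { error: 'captcha_required' } };
  }
  const username = String(rawUsername || '').trim().toLowerCase();
  if (!/^[a-z0-9_]{3,20}$/.test(username)) {
    // Malformed names are rejected before the lookup and spend no budget.
    return { status: 400, body: { error: 'invalid_username' } };
  }
  session.lookups += 1;
  return { status: 200, body: { available: !takenUsernames.has(username) } };
}
```

The session object is whatever server-side session store the application already uses; the check must not rely on anything the client can set.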
