Thomas

Reputation: 4719

username availability security concerns

In a registration form I have, I put an AJAX call to check if the username is available.

However, I am concerned that this opens up the system for a bot checking for valid usernames.

How can I secure the service from external calls?

Thanks

Upvotes: 3

Views: 345

Answers (2)

lonesomeday

Reputation: 237975

I presume your concern is that allowing "is this username available?" checks would allow someone with nefarious intent to only have to guess a password to log in, rather than having to guess a username as well. I think that's a valid concern, though I'm not sure I would worry myself overly about it.

The only secure way around this issue, I think, would be to require a captcha before you get to the registration page.

Upvotes: 1
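
The captcha gate suggested in the answer above, sketched as an added example that is not part of the original thread: the availability endpoint answers only when the request carries a token the server issued after a solved captcha. The token format, the 10-minute lifetime, the five-lookup budget per token and all function names are assumptions made for illustration.

```javascript
// Added example (Node.js). Names, token format, TTL and budget are assumptions.
const crypto = require('node:crypto');

const SECRET = crypto.randomBytes(32);  // per-process key; load from config in production
const TOKEN_TTL_MS = 10 * 60 * 1000;    // assumed token lifetime
const MAX_CHECKS = 5;                   // assumed lookups allowed per solved captcha
const checksUsed = new Map();           // token nonce -> lookups consumed

const sign = (payload) =>
  crypto.createHmac('sha256', SECRET).update(payload).digest('hex');

// Call only after the captcha provider has confirmed the challenge server-side.
function issueToken(now = Date.now()) {
  const payload = `${crypto.randomBytes(8).toString('hex')}.${now + TOKEN_TTL_MS}`;
  return `${payload}.${sign(payload)}`;
}

// Returns the token nonce if the token is authentic and unexpired, else null.
function verifyToken(token, now = Date.now()) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [nonce, expires, mac] = parts;
  const expected = Buffer.from(sign(`${nonce}.${expires}`));
  const given = Buffer.from(mac);
  if (given.length !== expected.length) return null;
  if (!crypto.timingSafeEqual(given, expected)) return null;
  return Number(expires) > now ? nonce : null;
}

// Handler body for the AJAX check; `taken` stands in for the user store.
function checkAvailability(token, username, taken, now = Date.now()) {
  const nonce = verifyToken(token, now);
  if (!nonce) return { status: 403, error: 'captcha required' };
  const used = (checksUsed.get(nonce) || 0) + 1;
  checksUsed.set(nonce, used);
  if (used > MAX_CHECKS) return { status: 429, error: 'solve captcha again' };
  return { status: 200, available: !taken.has(username.toLowerCase()) };
}
```

Without the per-token budget, a single solved captcha would allow unlimited lookups, so the count is what ties each batch of checks to a solved challenge.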

nico

Reputation: 51670

> How can I secure the service from external calls?

Well... ANY user trying to register would be an "external call"!

I don't see how username checking would be a security risk. A bot could just register as fsdjiojiejfio and be pretty darn sure nobody took that before.

I would rather invest time into securing the registration process so that bots cannot register, even with a valid username.

Upvotes: 5
