I have a form where someone can create a new user. I'd like to add some AJAX to check if a username is taken, as soon as the input field loses focus. I'm not really sure how to go about this, as this could pave the way to a brute-force attack, since you could check for any username and see whether or not it exists. Any suggestions?
Probably the best option is to limit, in the server-side script, the number of attempts a user is allowed to make (based on either session or IP) to a sensible limit (e.g. 10) within a 30-minute time period.
Another option would be to put a CAPTCHA on the page to ensure that the user is a human and not a brute-forcing program.
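The server-side limit suggested above (10 lookups per 30 minutes, keyed by session or IP), sketched as an added example that is not part of the original answers. The names `LookupLimiter` and `handle_username_check`, the in-memory store and the sample usernames are assumptions made for illustration.

```python
import time
from collections import defaultdict, deque

MAX_ATTEMPTS = 10          # limit suggested in the answer
WINDOW_SECONDS = 30 * 60   # 30-minute window


class LookupLimiter:
    """Sliding-window counter keyed by client (session ID or IP address)."""

    def __init__(self, max_attempts=MAX_ATTEMPTS, window=WINDOW_SECONDS,
                 clock=time.monotonic):
        self.max_attempts = max_attempts
        self.window = window
        self.clock = clock
        self._hits = defaultdict(deque)  # client key -> recent lookup times

    def allow(self, client_key):
        now = self.clock()
        hits = self._hits[client_key]
        # Drop timestamps that have aged out of the window.
        while hits and now - hits[0] >= self.window:
            hits.popleft()
        if len(hits) >= self.max_attempts:
            return False
        hits.append(now)
        return True


def handle_username_check(limiter, client_key, username, taken_usernames):
    """Return (HTTP status, response body) for one AJAX availability lookup."""
    if not limiter.allow(client_key):
        # Throttled requests get the same body whatever username was asked for.
        return 429, {"error": "too_many_requests"}
    available = username.strip().lower() not in taken_usernames
    return 200, {"available": available}


if __name__ == "__main__":
    # Constructed sample data: a fake clock, a documentation IP, two users.
    fake_now = [0.0]
    limiter = LookupLimiter(clock=lambda: fake_now[0])
    taken = {"alice", "bob"}
    for i in range(12):
        print(i + 1, handle_username_check(limiter, "203.0.113.7", f"user{i}", taken))
    fake_now[0] += WINDOW_SECONDS  # window expires, lookups are allowed again
    print(handle_username_check(limiter, "203.0.113.7", "alice", taken))
```

The counters here live in one process's memory; with several worker processes they would need to sit in shared storage so the limit applies across all of them.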