8 May
2007
1:51 a.m.
Hello all, One of my friends has a sign-up page that contains an AJAX call to the server that checks the username availability without submitting the page. This is not much unlike many sign-up services nowadays. He was wondering how he could prevent someone from abusing this by writing his own page which could gather information from repeatedly calling the web server via AJAX calls. I've read many threads on AJAX security, but none that I have read handle such a trivial scenario. The above case is very simple but I'd like to see what people have in mind to protect against abusing such a call to gain sensitive site data. Thanks!