[development] AJAX security issue

Ashraf Amayreh mistknight at gmail.com
Mon May 7 23:51:16 UTC 2007


Hello all,

One of my friends has a sign-up page that contains an AJAX call to the
server that checks the username availability without submitting the page.
This is not much unlike many sign-up services nowadays. He was wondering
how he could prevent someone from abusing this by writing his own page which
could gather information from repeatedly calling the web server via AJAX
calls?

I've read many threads on AJAX security, but none that I have read handle
such a trivial scenario. The above case is very simple but I'd like to see
what people have in mind to protect against abusing such a call to gain
sensitive site data.

Thanks!