I'm about to add this functionality to my user registration page, so I'm wondering the same.
The protection I have at the moment is pretty basic.... I check the HTTP referrer to make sure the AJAX call is coming from my registration page. With a blank or mismatched referrer, the script will always return a username as unavailable.
Unfortunately the referrer is easily spoofed, so I'm not sure how effective this will be.
--------------------------------------------------
From: "howa" <[EMAIL PROTECTED]>
Sent: Tuesday, November 20, 2007 1:25 PM
To: "jQuery (English)" <jquery-en@googlegroups.com>
Subject: [jQuery] AJAX Security

Well, this is not jQuery related, but I want to know the current best practices in AJAX development...

In an AJAX app, such as user registration, we might have an API for users to check if their desired user name has been taken by another user. If we expose this API using AJAX, then it might become very easy for other people to automate a computerized bot to query our system. Are there any patterns(?) to provide some kind of security to the apps such that bots can be prevented?

Thanks.
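
The referrer gate described in the reply at the top of this thread, written out as an added example (not code from either poster): a blank or mismatched `Referer` always answers "unavailable", and the last sample shows why the reply doubts it, since the header is whatever the client sends. The page URL, the `TAKEN` set and the function names are assumptions made for illustration.

```javascript
// Added example: the URL, data and names below are assumptions, not from the thread.
const REGISTRATION_PAGE = "https://example.test/register"; // hypothetical page URL
const TAKEN = new Set(["alice", "bob"]);                   // constructed sample data

// True only when the Referer header parses and points at the registration page.
function refererMatches(headers) {
  const raw = headers["referer"]; // HTTP spells the header "Referer"
  if (!raw) return false;         // blank or missing
  let ref, page;
  try {
    ref = new URL(raw);
    page = new URL(REGISTRATION_PAGE);
  } catch (e) {
    return false;                 // an unparseable value counts as a mismatch
  }
  // Compare origin and path exactly; a prefix or substring test would also
  // accept https://example.test.other.invalid/register.
  return ref.origin === page.origin && ref.pathname === page.pathname;
}

// Availability check as described: a failed gate always answers "unavailable",
// so the caller cannot tell a rejection from a taken name.
function checkUsername(headers, username) {
  if (!refererMatches(headers)) return { available: false };
  return { available: !TAKEN.has(username.toLowerCase()) };
}

// Constructed requests, with lower-cased header names as Node's http module presents them.
const samples = [
  ["from the page", { referer: "https://example.test/register?step=1" }],
  ["blank referer", {}],
  ["other site", { referer: "https://other.invalid/register" }],
  ["lookalike host", { referer: "https://example.test.other.invalid/register" }],
  // The header is supplied by the client, so a non-browser client that sends
  // the expected value is indistinguishable from the real page.
  ["client-set header", { referer: "https://example.test/register" }],
];
for (const [label, headers] of samples) {
  console.log(label, checkUsername(headers, "carol").available);
}
```

The gate filters out casual cross-site calls, but it cannot authenticate the caller, so it does not by itself bound how many names one client can test.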