On Tue, Jun 11, 2024 at 10:41:33PM +0000, Martin wrote: > But what useful methods exists that prevent spamming a HTML signup form > from stuffing the database with useless signups? > > Naturally the accounts that haven't been validated one way or another > gets deleted, but the initial signup is a problem as thousands upon > thousands of requests are stored before deletion.
Out of curiosity, what exactly is the issue here? >From what you've told us it seems as if the genuine signups are being validated by some external means, (such as a confirmation email loop or sms which doesn't require manual intervention by you), and fake signups are stored for a temporary period before being deleted automatically. So the intended result is being achieved. Anything you add to detect fake signups from being submitted is almost guaranteed to have a negative effect on some or all of your genuine users. Why is it a problem to have 'thousands' of requests stored temporarily, if those are later deleted? Is this database using a lot of storage? Is parsing it using a lot of CPU? If that's the issue then presumably either your code is very inefficient or you're using underpowered hardware.