mgroves.com — The goal of this AJAX example is to allow a user who is registering for your site to see if the username they want to use is taken already or not, without having to submit a form and reload the page. I believe Digg already uses something similar to this.
Feb 24, 2006
kauntnull, Feb 24, 2006
this is not just an excellent AJAX usage example, it is as well a typical example of how to compromise your own server environment as easily as possible. this way it's very easy to help hackers find out usernames that are already in use, to ease their work to hack into accounts. great! (caution, the lines above contain significant portions of sarcasm!)
boohiss (Submitter), Feb 24, 2006
KauntNull, I removed all usernames/passwords from my examples and source code...and any username/password you would use would be in ASP/PHP, not in clientside JS, so...what exactly are you talking about?
boohiss (Submitter), Feb 24, 2006
Oh, I understand. It lets you find usernames. For instance, finding "KauntNull" just by looking at this page? I'm not sure how much you are joking...
singee15, Feb 25, 2006
We need a new category for stories: AJAX. I love ajax but this is getting ridiculous.
grrreat, Feb 25, 2006
what we need is not another category but the ability to add tags to stories... ?
kauntnull, Feb 26, 2006
@boohiss: yes, that way it was meant - it helps you find usernames that are already in use - which brings a hacker at least one step further to hack into an account - he already knows the name and the spelling for sure then - without the need to reload a page over and over again (which would cost him time, much more time). ever thought about the reason why most sites don't tell you whether you've mistyped the username or the password if you make a mistake when logging in? the answer is simple - don't tell the one who tried it out whether the user exists at all! Get me right - I am a great AJAX fan, but this feature is not a feature in my eyes, it's a danger.
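Added example, not part of the thread or the linked tutorial: a login check that reports which field was wrong, next to one that returns a single message and does the same hashing work whether or not the account exists. The user store, account names and function names are constructed for illustration.

```javascript
// Added example: constructed user store and names; not code from the linked tutorial.
const nodeCrypto = require("crypto");

function hashPassword(password, salt) {
  return nodeCrypto.scryptSync(password, salt, 32);
}

function makeUser(name, password) {
  const salt = nodeCrypto.randomBytes(16);
  return { name, salt, hash: hashPassword(password, salt) };
}

// Constructed sample accounts.
const users = new Map([
  ["alice", makeUser("alice", "correct horse")],
  ["bob", makeUser("bob", "battery staple")],
]);

// Dummy record: verified against when the username is unknown, so both
// failure paths perform the same hashing work.
const dummy = makeUser("", nodeCrypto.randomBytes(16).toString("hex"));

const GENERIC_FAILURE = "Invalid username or password.";

// "Before": the message tells the caller which field was wrong.
function loginLeaky(name, password) {
  const user = users.get(name);
  if (!user) return { ok: false, message: "Unknown username." };
  const match = nodeCrypto.timingSafeEqual(hashPassword(password, user.salt), user.hash);
  return match ? { ok: true, message: "Welcome." } : { ok: false, message: "Wrong password." };
}

// "After": one message and one code path for every failure.
function loginUniform(name, password) {
  const user = users.get(name) || dummy;
  const match = nodeCrypto.timingSafeEqual(hashPassword(password, user.salt), user.hash);
  const ok = match && user !== dummy; // a match against the dummy never logs in
  return ok ? { ok: true, message: "Welcome." } : { ok: false, message: GENERIC_FAILURE };
}
```

A uniform login response only covers the login form; a registration-time availability check still answers whether a name exists.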
boohiss (Submitter), Feb 26, 2006
"Get me right - I am a great AJAX fan, but this feature is not a feature in my eyes, it's a danger."
Your concern doesn't make sense... I got the correct spellings of 20+ usernames just from looking at this page alone, but that doesn't mean I'll be able to hack into your Digg account or anything else for that matter. All this AJAX feature does is speed up what would normally take a full form submission and page refresh to do. If finding usernames is a security concern, then eBay, Digg, Slashdot, and countless other sites are "vulnerable" because of the simple fact that they display usernames all the time as part of their functionality.
atlien, May 24, 2006
Thanks for the tutorial, it has helped!
boohiss (Submitter), Jul 24, 2006
You are certainly welcome!
yakito, Jul 24, 2006
Did anyone find something like this working on PHP?
boohiss (Submitter), Aug 7, 2006
Yakito, I have another example of this framework that I wrote in PHP. It's barely different than ASP, but you can check it out here (including source code): http://www.mgroves.com/blog_archive.php?blogID=57
nik00726, Sep 15, 2011
Here is another PHP MYSQL JQUERY Username availability checker
http://www.my-php-scripts.net/index.php/Jquery/ajax-username-availability.html