PHP - AJAX onchange username validation and brute force attacks
I have created an AJAX onchange validation for the username. If the user enters a username that exists, contains invalid characters, is too short, etc., they get a warning: username exists/contains invalid characters/is shorter than...
The AJAX onchange takes the user input; PHP validates it.
Now I am thinking: in this way, is it possible that brute-force attackers can easily get info about existing usernames...? Or is there no danger....?
That is essentially how username validation requests work: by sending a request to the server. Just because you are using AJAX here does not make you more susceptible to brute-force attacks.
However, keep a few things in mind. As @nickfury said, make sure you have a retry limit. Maybe use an exponentially increasing time between password retries.
Enforcing a password size limit and other guidelines along with a retry limit makes brute-force practically impossible. However, if a user decides to use welcome as his/her password, that's his/her fault.
But make sure you never store passwords in the database as plain text. Use bcrypt.
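The retry limit with exponentially increasing delay and the bcrypt storage suggested in the answer above, as an added example that is not part of the original posts. The RetryLimiter class, its thresholds and the key format are assumptions made for illustration.

```php
<?php
// Added example (PHP 8+). Counters live in an in-memory array so the script
// runs offline; a shared store would be needed across requests (assumption).
final class RetryLimiter
{
    private array $state = []; // key => ['fails' => int, 'lockedUntil' => int]
    public function __construct(
        private int $freeAttempts = 3, // failures allowed before any delay
        private int $baseDelay = 2,    // seconds, doubled per further failure
        private int $maxDelay = 900    // cap so a lockout stays bounded
    ) {}
    // Seconds the caller must still wait; 0 means the attempt may proceed.
    public function waitFor(string $key, int $now): int
    {
        return max(0, ($this->state[$key]['lockedUntil'] ?? 0) - $now);
    }
    public function recordFailure(string $key, int $now): void
    {
        $fails = ($this->state[$key]['fails'] ?? 0) + 1;
        $over  = $fails - $this->freeAttempts;
        $delay = $over > 0 ? min($this->maxDelay, $this->baseDelay * 2 ** ($over - 1)) : 0;
        $this->state[$key] = ['fails' => $fails, 'lockedUntil' => $now + $delay];
    }

    public function recordSuccess(string $key): void
    {
        unset($this->state[$key]);
    }
}

// Constructed sample data: only the bcrypt hash would be stored, never the password.
$hash    = password_hash('constructed-sample-passphrase', PASSWORD_BCRYPT);
$limiter = new RetryLimiter();
$key     = 'login:alice:203.0.113.7'; // hypothetical key: username + client IP
$now     = 1000;                      // fixed clock so the run is repeatable
for ($i = 1; $i <= 7; $i++) {
    $wait = $limiter->waitFor($key, $now);
    if ($wait > 0) {
        echo "attempt $i: rejected without checking, retry in {$wait}s\n";
        $now += $wait; // simulate the client waiting out the delay
        continue;
    }
    if (password_verify("wrong-guess-$i", $hash)) {
        $limiter->recordSuccess($key);
        break;
    }
    $limiter->recordFailure($key, $now);
    echo "attempt $i: wrong password\n";
}
```

The same limiter, keyed by client IP alone, can sit in front of the AJAX username check so that repeated availability lookups are slowed in the same way as password retries.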
php ajax