* Juerd Waalboer <[email protected]> [2007-06-05 22:45]:
> > providing an API for AJAX to check, say, a username like this
> > could assist some blackhat in an attempt to bruteforce
> > accounts on the service...
>
> Just put the captcha at the beginning instead of the end.

As well as the choice of username. Then collect the password and
anything else such as email etc. in an extra step. Make sure not to
create the account until that extra step is completed; just mark the
username as reserved for a few minutes. The first step is only for
picking an available username and confirming that you're not a
machine.

Regards,
-- 
Aristotle Pagaltzis // <http://plasmasturm.org/>
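
The two-step flow described in the message above, as an added example that is not part of the original thread: the captcha is checked before any username lookup, the name is only reserved for a limited time, and the account is created in the second step. The class, method names, the `captcha_ok` callback and the 300-second hold are all assumptions made for illustration.

```python
import secrets
import time

RESERVATION_TTL = 300  # seconds; "a few minutes" in the message, exact value assumed


class SignupFlow:
    def __init__(self, captcha_ok, clock=time.monotonic):
        self.captcha_ok = captcha_ok  # hypothetical captcha verifier callback
        self.clock = clock            # injectable so expiry can be tested
        self.accounts = {}            # username -> profile (accounts that exist)
        self.reserved = {}            # username -> (token, expiry time)

    def _live(self, name):
        """Return the unexpired reservation for name, dropping it if expired."""
        held = self.reserved.get(name)
        if held and held[1] <= self.clock():
            del self.reserved[name]
            return None
        return held

    def step1_reserve(self, username, captcha_answer):
        # Captcha comes first: a client that has not solved it learns
        # nothing about which usernames exist.
        if not self.captcha_ok(captcha_answer):
            return ("captcha_failed", None)
        name = username.strip().lower()
        if not name:
            return ("invalid", None)
        if name in self.accounts or self._live(name):
            return ("taken", None)
        token = secrets.token_urlsafe(16)
        self.reserved[name] = (token, self.clock() + RESERVATION_TTL)
        return ("reserved", token)

    def step2_create(self, username, token, password_hash, email):
        # The account is created only here, and only for the holder of a
        # live reservation token; nothing is stored as an account before.
        name = username.strip().lower()
        held = self._live(name)
        if not held or not secrets.compare_digest(held[0], token):
            return False
        del self.reserved[name]
        self.accounts[name] = {"password_hash": password_hash, "email": email}
        return True
```
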
