On 11月21日, 上午6時34分, "Fabien Meghazi" <[EMAIL PROTECTED]> wrote:
> > With a blank or mismatched referrer, the script will always return a
> > username as unavailable.
>
> > Unfortunately the referrer is easily spoofed, so I'm not sure how effective
> > this will be.
>
> And just because it can be easily spoofed then you should not use referer.
>
Yes, I agreed using referrer is not a reliable method.
> Please explain the difference between your worries about an ajax
> application and a non-ajax application.
>
In non AJAX apps, automatic checking can be prevented using Captcha in
the registration page.
For example, in Yahoo, guess how they are checking?
e.g.
https://edit.yahoo.com/membership/json?PartnerName=yahoo_default&RequestVersion=1&AccountID=johndoe&GivenName=&FamilyName=&ApiName=ValidateFields&1763407
Howard
