username availability security concerns

In a registration form I have, I put an ajax call to check if the username is available.

However, I am concerned that this opens开发者_如何学编程 up the system for a bot checking for valid usernames.

How can I secure the service from external calls?

Thanks

How can I secure the service from external calls?

Well... ANY user trying to register would be an "external call"!

I don't see how username checking would be a security risk. A bot could just register as fsdjiojiejfio and be pretty darn sure nobody took that before.

I would rather invest time into securing the registration process so that bots cannot register, even with a valid username.

I presume your concern is that allowing "is this username available?" checks would allow someone with nefarious intent to only have to guess a password to log in, rather than having to guess a username as well. I think that's a valid concern, though I'm not sure I would worry myself overly about it.

The only secure way around this issue, I think, would be to require a captcha before you get to the registration page.