On Aug 5, 2011, at 1:32 PM, Leonel *.* wrote:

I have a Forgot my password page where the user enters his/her email.
How can I prevent someone from entering different email addresses trying
to guess them or spamming my users?

Is there like an IP-based time expiring strategy you would suggest?

You might be able to stash the fact that the user requested a reset in the session, and only allow it to happen once per session. They'd have to quit their browser or whatever to do it a second time.

Walter
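
Added example, not part of the thread and not code from either poster: a sketch combining the per-session flag suggested in the reply with the IP-based, time-expiring limit asked about in the question, so that starting a new session does not reset the count. `ResetThrottle`, `reset_allowed?`, the limits, and the in-memory Hash (standing in for a shared store such as the Rails cache) are all assumptions.

```ruby
# Sliding-window counter: at most `limit` attempts per key in `window` seconds.
class ResetThrottle
  def initialize(limit: 3, window: 900, clock: -> { Time.now.to_f })
    @limit  = limit   # attempts allowed per key inside the window
    @window = window  # window length in seconds
    @clock  = clock   # injectable time source so expiry can be tested
    @hits   = Hash.new { |h, k| h[k] = [] }
  end

  # Records the attempt and returns true if the key is still under the limit.
  def allow?(key)
    now    = @clock.call
    stamps = @hits[key]
    stamps.reject! { |t| t <= now - @window } # expire attempts outside the window
    return false if stamps.size >= @limit

    stamps << now
    true
  end
end

# Per-session flag first, then the per-IP window. `session` is any Hash-like
# object (in Rails, the controller's session); `ip` would be request.remote_ip.
def reset_allowed?(session, ip, throttle)
  return false if session[:reset_requested]          # once per session
  return false unless throttle.allow?("ip:#{ip}")    # time-expiring IP limit

  session[:reset_requested] = true
  true
end

if __FILE__ == $PROGRAM_NAME
  # Constructed input: one documentation-range IP opening a fresh session each time.
  throttle = ResetThrottle.new(limit: 2, window: 60)
  4.times do |i|
    puts "attempt #{i + 1}: #{reset_allowed?({}, '203.0.113.7', throttle)}"
  end
end
```
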

