On Fri, Aug 5, 2011 at 10:32 AM, Leonel *.* <[email protected]> wrote: > I have a Forgot my password page where the user enters his/her email. > How can I prevent someone from entering different email addresses trying > to guess them or spamming my users?
I'm not sure what the problem is -- if someone enters an invalid email address, ignore it. If it is valid, send the email. If your message to the user is noncommittal -- "If that email is in our database, we'll ...." then no information re' validity is exposed. And if they do enter a valid email that's not their own -- well, what of it? Seems pretty pointless to me. And I get those kind of messages occasionally, sure, but who cares? Or is there some aspect of this that I'm missing? -- Hassan Schroeder ------------------------ [email protected] http://about.me/hassanschroeder twitter: @hassan -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
