Hassan Schroeder wrote in post #1015184: > On Fri, Aug 5, 2011 at 10:32 AM, Leonel *.* <[email protected]> > I'm not sure what the problem is -- if someone enters an invalid email > address, ignore it. If it is valid, send the email. If your message to > the > user is noncommittal -- "If that email is in our database, we'll ...." > then > no information re' validity is exposed. > > And if they do enter a valid email that's not their own -- well, what of > it? Seems pretty pointless to me. And I get those kind of messages > occasionally, sure, but who cares? Or is there some aspect of this > that I'm missing?
Agreed, I mean what's to stop anyone from opening up their favorite email client, start typing in random email addresses in the To field and sending it off? It would be silly for your application to send emails to any random address that's not in your database. Besides all that, if we can ever get past every piddly web site creating their own username/password combinations and start using centralized user authentication (Twitter, Facebook, OpenID, etc.) this problem of forgetting passwords would go away. -- Posted via http://www.ruby-forum.com/. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
