Friday, August 5, 2011

Re: [Rails] Prevent user from abusing form

>> I have a Forgot my password page where the user enters his/her email.
>> How can I prevent someone from entering different email addresses trying
>> to guess them or spamming my users?
>>
>> Is there like an IP-based time expiring strategy you would suggest?
>
> You might be able to stash the fact that the user requested a reset in the session, and only allow it to happen once per session. They'd have to quit their browser or whatever to do it a second time.


Or implement a captcha...

I wouldn't do IP-based since you could potentially "block" an entire office or any large group behind a firewall...

--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
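
The keying trade-off discussed in this thread, as an added example that is not part of the original messages: one time-expiring throttle replayed over constructed requests, keyed by session, by IP, and (going beyond the thread) by the target email address. `ResetThrottle`, `replay`, the 10-minute window and all sample values are assumptions; a real Rails app would keep the counters in a shared store rather than in process memory.

```ruby
# Added example, not code from the thread. All names and values are hypothetical.
# Sliding-window limiter: at most `limit` allowed requests per `window` seconds per key.
class ResetThrottle
  def initialize(limit:, window:, clock: -> { Time.now.to_f })
    @limit, @window, @clock = limit, window, clock
    @hits = Hash.new { |h, k| h[k] = [] } # key => timestamps of allowed requests
  end

  # Returns true (and records the request) if `key` is still under its limit.
  def allow?(key)
    now = @clock.call
    recent = @hits[key].delete_if { |t| t <= now - @window } # expire old entries
    return false if recent.size >= @limit
    recent << now
    true
  end
end

# Replays requests ([seconds, session_id, ip, email]) against one keying strategy
# and returns the allow/deny decision for each request, in order.
def replay(requests, limit:, window:, &key_for)
  now = 0.0
  throttle = ResetThrottle.new(limit: limit, window: window, clock: -> { now })
  requests.map do |t, session, ip, email|
    now = t
    throttle.allow?(key_for.call(session, ip, email))
  end
end

# Constructed traffic: two colleagues behind one office address, then one client
# that starts a fresh session between attempts, then a retry after the window.
REQUESTS = [
  [0,   "sess-a", "203.0.113.7",  "alice@example.com"],
  [5,   "sess-b", "203.0.113.7",  "bob@example.com"],   # different person, same IP
  [10,  "sess-c", "198.51.100.9", "carol@example.com"],
  [11,  "sess-d", "198.51.100.9", "carol@example.com"], # new session, same client
  [12,  "sess-d", "198.51.100.9", "carol@example.com"], # same session again
  [700, "sess-a", "203.0.113.7",  "alice@example.com"], # window has expired
].freeze

BY_SESSION = replay(REQUESTS, limit: 1, window: 600) { |s, _ip, _e| "session:#{s}" }
BY_IP      = replay(REQUESTS, limit: 1, window: 600) { |_s, ip, _e| "ip:#{ip}" }
BY_EMAIL   = replay(REQUESTS, limit: 1, window: 600) { |_s, _ip, e| "email:#{e.downcase}" }

puts "session: #{BY_SESSION}" # => [true, true, true, true, false, true]
puts "ip:      #{BY_IP}"      # => [true, false, true, false, false, true]
puts "email:   #{BY_EMAIL}"   # => [true, true, true, false, false, true]
```

The session key lets the fresh-session request at t=11 through, the IP key denies the second colleague at t=5, and the email key denies repeat mail to one address without affecting the shared office.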
