I have a similar case here. My project also using Devise and we are trying to restrict access to users even robots to the public site. What we have done is using Devise http_authenticatable to authenticate users in our database, which is working quite well.
Cheers, Lecky On Jun 26, 5:24 am, Jason Michael <chewman...@gmail.com> wrote: > I found a gem devise_invitable which allows you to initiate the > confirmable sequence from inside the app only after you've been > authenticated. You can tweak this to allow only certain users to > invite other users. In addition to what you've suggested, I'm adding > this functionality. > > Thanks for your help! > > On Fri, Jun 25, 2010 at 2:11 PM, Anand Ramanathan <rcan...@gmail.com> wrote: > > You could do one or more of the following: > > 1. Isolate all content by user, if possible: if your design permits it, > > allow users only to view and edit content under their own user id, and that > > way, they cannot damage other users' content. > > 2. Dont use the registerable and confirmable options in devise - have a mail > > account where people send requests to register, and validate the request and > > add the user yourself (you can do that from the rails console, or by adding > > an admin form for this purpose). > > 3. I know you can customize the views generated by devise, so it may be > > possible to validate the registration email field with any custom > > validations you require (say, if you want only people from specific domain > > email accounts to be allowed to register). > > HTH, > > Anand > > On Fri, Jun 25, 2010 at 7:01 AM, chewmanfoo <chewman...@gmail.com> wrote: > > >> I'm using Devise for authentication on a corporate website which is > >> now only in our intranet. I need to build an interface (controllers > >> and views) for our customers to access the site out on the internet, > >> on a publicly addressable url. Right now, you can sign up for an > >> account on the site simply by furnishing a valid email address (you > >> need a valid email address, since Devise sends you a confirmation > >> email which you must click through to gain access). If I make this > >> site publicly available I'll have all sorts of Tom, Dick and Harry > >> nefarious users and bots joining in and posting porn links in text > >> fields and deleting sensitive. I do log all activity, so I'd know who > >> did the dirty deed, but recovering from vandalism won't be fun. > > >> Does Devise support protection from bots creating accounts? > > >> Is there a best practices for giving access to only a few people on > >> the internet (our customers) without allowing everyone to create an > >> account? > > >> -- > >> You received this message because you are subscribed to the Google Groups > >> "Ruby on Rails: Talk" group. > >> To post to this group, send email to rubyonrails-t...@googlegroups.com. > >> To unsubscribe from this group, send email to > >> rubyonrails-talk+unsubscr...@googlegroups.com. > >> For more options, visit this group at > >>http://groups.google.com/group/rubyonrails-talk?hl=en. > > > -- > > You received this message because you are subscribed to the Google Groups > > "Ruby on Rails: Talk" group. > > To post to this group, send email to rubyonrails-t...@googlegroups.com. > > To unsubscribe from this group, send email to > > rubyonrails-talk+unsubscr...@googlegroups.com. > > For more options, visit this group at > >http://groups.google.com/group/rubyonrails-talk?hl=en. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-t...@googlegroups.com. To unsubscribe from this group, send email to rubyonrails-talk+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
