All threads / Require Work Email Address on Registration Discussion

Ask A Question

Notifications

You’re not receiving notifications from this thread.

Require Work Email Address on Registration Discussion

Thanks Chris! Pretty straightforward indeed.

Reply

Awesome Chris! Thank you so much for adding the tests.

A possible suggestion: How to start testing (from scratch) an existing app that doesn't have any tests (or test facility) set up yet.

Reply

Once security concern to be aware of when implementing this type of registration system is that many support systems can be abused to receive email on a corporate domain name.

For example, when creating a support ticket with Spotify they might generate a [email protected] email address for your support ticket. You could then use this email address to by sign up to a service that uses the described corporate-email restriction. The confirmation email would be send to the support ticket email address, which you then (as the original Spotify user creating the support ticket) would likely to get notified of. Allowing you to confirm the email address.

The protect yourself from such a hack, make sure to use a special subdomain (e.g. support.spotify.com) for these kind of support ticket emails and code your corporate-email validation such that only root domains (@spotify.com) are allowed. (as described by Chris)

Reply
Join the discussion

Want to stay up-to-date with Ruby on Rails?

Join 47,776+ developers who get early access to new tutorials, screencasts, articles, and more.

    We care about the protection of your data. Read our Privacy Policy.

    logo Created with Sketch.

    Ruby on Rails tutorials, guides, and screencasts for web developers learning Ruby, Rails, Javascript, Turbolinks, Stimulus.js, Vue.js, and more. Icons by Icons8

    © 2021 GoRails, LLC. All rights reserved.