I'm using Devise for authentication on a corporate website which is
now only in our intranet. I need to build an interface (controllers
and views) for our customers to access the site out on the internet,
on a publicly addressable url. Right now, you can sign up for an
account on the site simply by furnishing a valid email address (you
need a valid email address, since Devise sends you a confirmation
email which you must click through to gain access). If I make this
site publicly available I'll have all sorts of Tom, Dick and Harry
nefarious users and bots joining in and posting porn links in text
fields and deleting sensitive. I do log all activity, so I'd know who
did the dirty deed, but recovering from vandalism won't be fun.
Does Devise support protection from bots creating accounts?
Is there a best practices for giving access to only a few people on
the internet (our customers) without allowing everyone to create an