is this a secure approach in ActiveRecords in Rails?

Posted by Adnan on Stack Overflow See other posts from Stack Overflow or by Adnan
Published on 2010-04-09T07:50:43Z Indexed on 2010/04/09 7:53 UTC
Read the original article Hit count: 262

Hello,

I am using the following for my customers to unsubscribe from my mailing list;

  def index
    @user = User.find_by_salt(params[:subscribe_code]) 
    if @user.nil? 
      flash[:notice] = "the link is not valid...."
      render :action => 'index'
    else    
      Notification.delete_all(:user_id => @user.id)
      flash[:notice] = "you have been unsubscribed....."
      redirect_to :controller => 'home'
    end 
  end 

my link looks like; http://site.com/unsubscribe/32hj5h2j33j3h333

so the above compares the random string to a field in my user table and accordingly deletes data from the notification table.

My question; is this approach secure? is there a better/more efficient way for doing this?

All suggestions are welcome.

© Stack Overflow or respective owner

Related posts about ruby-on-rails

Related posts about activerecord