Is this a secure approach in ActiveRecord in Rails?
Posted by Adnan on Stack Overflow
Published on 2010-04-09T07:50:43Z
Hello,
I am using the following for my customers to unsubscribe from my mailing list:
    def index
      @user = User.find_by_salt(params[:subscribe_code])
      if @user.nil?
        flash[:notice] = "the link is not valid...."
        render :action => 'index'
      else
        Notification.delete_all(:user_id => @user.id)
        flash[:notice] = "you have been unsubscribed....."
        redirect_to :controller => 'home'
      end
    end
My link looks like: http://site.com/unsubscribe/32hj5h2j33j3h333
So the above compares the random string to a field in my user table and accordingly deletes data from the notification table.
My question: is this approach secure? Is there a better/more efficient way of doing this?
All suggestions are welcome.
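Added example, not part of the original post and not Rails' own code: one way to keep the `salt` column out of URLs is a dedicated unsubscribe token signed with a server-side key, checked in constant time, with missing or malformed values rejected before any lookup. It is plain Ruby; `UNSUBSCRIBE_KEY`, `unsubscribe_token` and `user_id_from_token` are hypothetical names, and the per-process random key stands in for a fixed secret loaded from configuration.

```ruby
require 'openssl'
require 'securerandom'

# Hypothetical key: a real application loads one fixed secret from its
# configuration so that links keep working across restarts.
UNSUBSCRIBE_KEY = SecureRandom.random_bytes(32)

# The "unsubscribe:" prefix binds the MAC to this one purpose, so the same
# key cannot produce a value that is valid for another kind of link.
def token_mac(user_id)
  OpenSSL::HMAC.hexdigest('SHA256', UNSUBSCRIBE_KEY, "unsubscribe:#{user_id}")
end

# Token placed in the e-mailed link: "<user id>.<hex HMAC-SHA256>".
def unsubscribe_token(user_id)
  id = Integer(user_id)
  "#{id}.#{token_mac(id)}"
end

# Compare without returning early at the first differing byte.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Returns the user id for a valid token, nil for anything else.
# A nil parameter is rejected here; in the original action a missing
# subscribe_code reaches find_by_salt(nil), which looks for a NULL salt.
def user_id_from_token(token)
  return nil unless token.is_a?(String) # request params can also be arrays or hashes
  m = /\A([1-9]\d{0,17})\.([0-9a-f]{64})\z/.match(token)
  return nil unless m
  id = m[1].to_i
  secure_equal?(m[2], token_mac(id)) ? id : nil
end

# In the controller the result would replace the salt lookup, e.g.
#   id = user_id_from_token(params[:subscribe_code])
#   Notification.delete_all(:user_id => id) if id
```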
© Stack Overflow or respective owner