Is this a secure approach in ActiveRecord in Rails?
- by Adnan
Hello,
I am using the following for my customers to unsubscribe from my mailing list:
# GET /unsubscribe/:subscribe_code
def index
  # look the user up by the random string carried in the link
  @user = User.find_by_salt(params[:subscribe_code])
  if @user.nil?
    flash[:notice] = "the link is not valid...."
    render :action => 'index'
  else
    # remove only this user's notification rows
    Notification.delete_all(:user_id => @user.id)
    flash[:notice] = "you have been unsubscribed....."
    redirect_to :controller => 'home'
  end
end
My link looks like:
http://site.com/unsubscribe/32hj5h2j33j3h333
So the above compares the random string to a field in my users table and accordingly deletes data from the notifications table.
My question: is this approach secure? Is there a better/more efficient way of doing this?
All suggestions are welcome.
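The token lookup described in the post, as an added example that is not part of the original post or the poster's application: plain Ruby with an in-memory stand-in for the users and notifications tables, so it runs without Rails. It issues a dedicated random token per user (rather than reusing the salt column), stores only a digest of it, rejects a `subscribe_code` parameter that is not a string of the expected shape, and keeps the delete scoped to the matched user. All names (`USERS`, `NOTIFICATIONS`, `issue_unsubscribe_token`, `unsubscribe`, `seed_demo_data`) are assumptions for illustration.

```ruby
require "securerandom"
require "digest"

# Added example, not the original poster's code. Plain Ruby (no Rails) with an
# in-memory stand-in for the users and notifications tables. All names below
# (USERS, NOTIFICATIONS, issue_unsubscribe_token, unsubscribe, ...) are
# assumptions for illustration.

TOKEN_BYTES = 24 # 192 bits of entropy per link; urlsafe_base64 yields 32 chars

USERS = {}         # id => { email:, unsubscribe_token_digest: }
NOTIFICATIONS = [] # [{ id:, user_id: }]

# Generate a dedicated, single-purpose token for the unsubscribe link and store
# only its SHA-256 digest, so a read of the users table does not yield working
# links. The raw token is returned once, to be embedded in the email.
def issue_unsubscribe_token(user_id)
  token = SecureRandom.urlsafe_base64(TOKEN_BYTES)
  USERS.fetch(user_id)[:unsubscribe_token_digest] = Digest::SHA256.hexdigest(token)
  token
end

# A query parameter in Rails may arrive as nil, an Array or a Hash, and a
# dynamic finder will build a query from whatever it is given. Accept only a
# String of the shape we issued (urlsafe base64 alphabet, expected length).
def valid_token_param?(value)
  value.is_a?(String) && value.match?(/\A[A-Za-z0-9_-]{32}\z/)
end

# Look the user up by the digest of the presented token. Because the column
# holds a digest, an exact-equality lookup (an indexed WHERE ... = ? in SQL)
# is enough: a timing difference on the digest compare does not help an
# attacker choose a better next guess for the raw token.
def find_user_id_by_token(token)
  digest = Digest::SHA256.hexdigest(token)
  entry = USERS.find { |_id, u| u[:unsubscribe_token_digest] == digest }
  entry && entry.first
end

# Mirrors the controller action but returns a status symbol instead of
# rendering, so it can be exercised without Rails.
def unsubscribe(params)
  raw = params[:subscribe_code]
  return :invalid_link unless valid_token_param?(raw)
  user_id = find_user_id_by_token(raw)
  return :invalid_link if user_id.nil?
  # Deletion is scoped to the matched user only, as in the original action.
  NOTIFICATIONS.reject! { |n| n[:user_id] == user_id }
  :unsubscribed
end

# Constructed sample data: two users, three notifications. Returns the raw
# tokens keyed by user id, as the mailer would have them.
def seed_demo_data
  USERS.clear
  NOTIFICATIONS.clear
  USERS[1] = { email: "a@example.com", unsubscribe_token_digest: nil }
  USERS[2] = { email: "b@example.com", unsubscribe_token_digest: nil }
  NOTIFICATIONS.push({ id: 10, user_id: 1 }, { id: 11, user_id: 1 }, { id: 12, user_id: 2 })
  { 1 => issue_unsubscribe_token(1), 2 => issue_unsubscribe_token(2) }
end

if $PROGRAM_NAME == __FILE__
  tokens = seed_demo_data
  p unsubscribe(subscribe_code: nil)        # nil param must not match anyone
  p unsubscribe(subscribe_code: ["x", "y"]) # array param rejected before lookup
  p unsubscribe(subscribe_code: "0" * 32)   # well-formed but unknown token
  p unsubscribe(subscribe_code: tokens[1])  # :unsubscribed, user 1's rows gone
  p NOTIFICATIONS
end
```

In a Rails controller the in-memory lookup would become `User.find_by(unsubscribe_token_digest: Digest::SHA256.hexdigest(params[:subscribe_code]))` after the same parameter check, and `Notification.where(user_id: user.id).delete_all` keeps the delete scoped exactly as the posted action does. The shape check up front is what stops a missing or oddly typed parameter from ever reaching the finder.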