Re: [Rails] Re: How to construct unsubscribe link?

Thanks I was looking exactly for answer like yours - Andrei's answer is cool and I only needed more theory on these unsubscribe links. Thanks Dihital :)

22 юли 2012, неделя, 17:41:54 UTC+3, Dihital написа:

Andrei's solution works because with Device gem the User#auth_token is randomly generated and unique per your app. It would be extremely hard to brute-force it, that's why it's safe; though it would be a good idea to make sure you deny 4th or whichever unsuccessful try to use the same action in the same context (i.e. relating to the same user; similarly to that when you get your account locked if you enter PIN 3 times unsuccessfully) if you are expecting to be brute-forced or simply have higher security level required by the client or yourself.

The basic principle could be seen put into practice all over the security-related fields: make it harder to brute force it than the data that the "offender" tries to get hold of is worth.

2012/7/22 Tsvetelina Borisova <ts.borisova3@gmail.com>

Thanks for the quick response :)

22 юли 2012, неделя, 15:14:13 UTC+3, Андрей Большов написа:

You should look at Devise gem Token Authenticatable solution as example.

You just add "?auth_token=#{@user.auth_token}" to your unsubsribe url.

воскресенье, 22 июля 2012 г., 15:06:58 UTC+4 пользователь Tsvetelina Borisova написал:

Hello. In my app I send emails to tell that the user has certificate and I want to put a link - Unsubscribe. I don't know how to construct this link so that there won't be users that unsubscribe other users. I mean I want to make that is safe. I look in the web for how these unsubscribe links are made but I couldn't find anything. Can someone help me? Thanks in advance

--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk@googlegroups.com.
To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msg/rubyonrails-talk/-/L46k5wCBkEsJ.

For more options, visit https://groups.google.com/groups/opt_out.
 
 

--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk@googlegroups.com.
To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msg/rubyonrails-talk/-/CMBCK2M2zw8J.
For more options, visit https://groups.google.com/groups/opt_out.