Thanks, I was looking for exactly an answer like yours - Andrei's answer is cool and I only needed more theory on these unsubscribe links. Thanks Dihital :)

On Sunday, 22 July 2012, 17:41:54 UTC+3, Dihital wrote:
>
> Andrei's solution works because with Devise gem the User#auth_token is randomly generated and unique per your app. It would be extremely hard to brute-force it, that's why it's safe; though it would be a good idea to make sure you deny 4th or whichever unsuccessful try to use the same action in the same context (i.e. relating to the same user; similarly to that when you get your account locked if you enter PIN 3 times unsuccessfully) if you are expecting to be brute-forced or simply have higher security level required by the client or yourself.
>
> The basic principle could be seen put into practice all over the security-related fields: make it harder to brute force it than the data that the "offender" tries to get hold of is worth.
>
> 2012/7/22 Tsvetelina Borisova <[email protected]>
>
>> Thanks for the quick response :)
>>
>> On Sunday, 22 July 2012, 15:14:13 UTC+3, Андрей Большов wrote:
>>
>>> You should look at Devise gem Token Authenticatable solution as example. You just add "?auth_token=#{@user.auth_token}" to your unsubscribe url.
>>>
>>> On Sunday, 22 July 2012, 15:06:58 UTC+4, Tsvetelina Borisova wrote:
>>>>
>>>> Hello. In my app I send emails to tell that the user has a certificate and I want to put a link - Unsubscribe. I don't know how to construct this link so that there won't be users that unsubscribe other users. I mean I want to make sure that it is safe. I looked on the web for how these unsubscribe links are made but I couldn't find anything. Can someone help me? Thanks in advance

--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to [email protected].
To view this discussion on the web visit https://groups.google.com/d/msg/rubyonrails-talk/-/CMBCK2M2zw8J.
For more options, visit https://groups.google.com/groups/opt_out.
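
The scheme discussed in this thread (a random per-user token in the unsubscribe link, plus refusing further tries after repeated failures for the same user), as an added example that is not part of the original messages and is not Devise's own code. The class name, the `user_id` URL parameter, the base URL and the in-memory store are assumptions made for illustration.

```ruby
require "securerandom"

# In-memory stand-in for the users table (constructed for this example).
class UnsubscribeTokens
  MAX_FAILURES = 3 # the 4th bad try for the same user is refused outright
  Entry = Struct.new(:token, :failures, :subscribed)

  def initialize
    @users = {}
  end

  # Random, unique per-user token, in the spirit of Devise's auth_token.
  def register(user_id)
    @users[user_id] = Entry.new(SecureRandom.urlsafe_base64(32), 0, true)
  end

  # Hypothetical URL layout: user_id is added so failures can be counted per user.
  def link_for(user_id, base = "https://app.example/unsubscribe")
    "#{base}?user_id=#{user_id}&auth_token=#{@users.fetch(user_id).token}"
  end

  # Returns :ok, :denied (wrong token or unknown user) or :locked.
  def unsubscribe(user_id, presented)
    entry = @users[user_id]
    return :denied if entry.nil?
    return :locked if entry.failures >= MAX_FAILURES
    if secure_equal?(entry.token, presented.to_s)
      entry.subscribed = false
      entry.failures = 0
      :ok
    else
      entry.failures += 1
      :denied
    end
  end

  def subscribed?(user_id)
    @users.fetch(user_id).subscribed
  end

  private
  # Constant-time comparison so response timing does not leak matching prefixes.
  def secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end
end
```

A locked entry needs a reset path (for example a time-based expiry), otherwise three bad guesses are enough to block another user's genuine link.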

