is this a secure approach in ActiveRecords in Rails?
- by Adnan
Hello,
I am using the following for my customers to unsubscribe from my mailing list;
  def index
    @user = User.find_by_salt(params[:subscribe_code]) 
    if @user.nil? 
      flash[:notice] = "the link is not valid...."
      render :action => 'index'
    else    
      Notification.delete_all(:user_id => @user.id)
      flash[:notice] = "you have been unsubscribed....."
      redirect_to :controller => 'home'
    end 
  end 
my link looks like;
http://site.com/unsubscribe/32hj5h2j33j3h333
so the above compares the random string to a field in my user table and accordingly deletes data from the notification table.
My question; is this approach secure? is there a better/more efficient way for doing this? 
All suggestions are welcome.