security and other aspects

 
Greenhorn
Posts: 6
Hi Peter Cooper,

Has Ruby completely evolved?

I am as much a fan of Ruby and trying to shift my career towards Ruby. But I sometimes am concerned if Ruby has evolved completely, or at least the Rails framework.

Because, recently I heard there is a security vulnerability (XSS) in the Rails framework.

So, is it on par with Java and other frameworks?

Thanks,
--Jyothsna


 
Author
Posts: 25

> I am as much a fan of Ruby and trying to shift my career towards Ruby. But I sometimes am concerned if Ruby has evolved completely, or at least the Rails framework.
>
> Because, recently I heard there is a security vulnerability (XSS) in the Rails framework.
>
> So, is it on par with Java and other frameworks?



Firstly, as you seem to be aware, Rails isn't the be-all and end-all of Ruby Web application development, but it is the most popular method, still.

Regarding the XSS vulnerability, there have been some concerns over the Rails team's handling of security issues recently but they seem to be picking up on it. I can't speak for Java frameworks but PHP frameworks and apps seem to have as many, if not more, security issues - consider the widespread WordPress attack this week. PHP also has had, over the years, a lot of attack vectors which led to the popularity of safe mode.

I'd say you hear more about potential issues in Rails now because people seem to like talking about Rails a lot for some reason, Rails has quite a big share in terms of new projects right now, and there are some people who are very keen to spread bad news about Rails, whereas these sorts of security issues are not really broadcast with other systems.
 
Geetha Ram
Greenhorn
Posts: 6
Thanks Peter for the quick and appropriate reply.
 
Ranch Hand
Posts: 235
I read the article on the Rails XSS vulnerability. I also saw that by the time the article hit the streets, the patch was available. Contrast this to other frameworks which don't offer any XSS safety, leaving it entirely to the developer to handle.

What you have to keep in mind is that Rails, and by proxy Ruby, get a lot of press for being upstart competitors to the corporeal twins (.NET and Java) and their associated frameworks. I'd focus on how many Rails clones there are (many), and why many high profile organizations and individuals support the Ruby language.

The article in question took one incident and blew it out of proportion. Would we ever say, "If Java or ANY of its frameworks EVER have a security issue... stop using them, and stop using all sites made with them"?

If so, you might not want to use Struts.
Hmmn.... JSF seems to also have had issues in the past.
Even the MyFaces implementation had XSS issues at some point.

So, take the recent Rails XSS articles with a grain of salt.



 
Ranch Hand
Posts: 686
Can someone point to the article? What are some of the other web frameworks that can be used?
 
Ranch Hand
Posts: 324
These are the ones I know.

In alphabetical order.

Camping 1.5
Merb 1.0 RC2
Ruby on Rails 2.3.3
Sinatra 0.9.2

This link should be helpful.
 