
security and other aspects

 
Geetha Ram
Greenhorn
Posts: 6
Hi Peter Cooper,

Has Ruby completely evolved?

I am as much a fan of Ruby and trying to shift my career towards Ruby. But I sometimes am concerned if Ruby has evolved completely... or at least the Rails framework.

Because recently I heard there is a security vulnerability (XSS) in the Rails framework.

So, is it on par with Java and other frameworks?

Thanks,
--Jyothsna


 
Peter Cooper
Author
Greenhorn
Posts: 25
I am as much a fan of Ruby and trying to shift my career towards Ruby. But I sometimes am concerned if Ruby has evolved completely... or at least the Rails framework.

Because recently I heard there is a security vulnerability (XSS) in the Rails framework.

So, is it on par with Java and other frameworks?


Firstly, as you seem to be aware, Rails isn't the be-all and end-all of Ruby Web application development, but... it is the most popular method, still.

Regarding the XSS vulnerability, there have been some concerns over the Rails team's handling of security issues recently but they seem to be picking up on it. I can't speak for Java frameworks but PHP frameworks and apps seem to have as many, if not more, security issues - consider the widespread WordPress attack this week. PHP also has had, over the years, a lot of attack vectors which led to the popularity of safe mode.

I'd say you hear more about potential issues in Rails now because people seem to like talking about Rails a lot for some reason, Rails has quite a big share in terms of new projects right now, and there are some people who are very keen to spread bad news about Rails, whereas these sorts of security issues are not really broadcast with other systems.
 
Geetha Ram
Greenhorn
Posts: 6
Thanks Peter for the quick and appropriate reply.
 
Michael Sullivan
Ranch Hand
Posts: 235
I read the article on the Rails XSS vulnerability. I also saw that by the time the article hit the streets, the patch was available. Contrast this to other frameworks which don't offer any XSS safety, leaving it entirely to the developer to handle.

What you have to keep in mind is that Rails, and by proxy Ruby, get a lot of press for being upstart competitors to the corporeal twins (.NET and Java) and their associated frameworks. I'd focus on how many Rails clones there are (many), and why many high profile organizations and individuals support the Ruby language.

The article in question took one incident and blew it out of proportion. Would we ever say, "If Java or ANY of its frameworks EVER have a security issue... stop using them, and stop using all sites made with them"?

If so, you might not want to use Struts.
Hmmn.... JSF seems to also have had issues in the past.
Even the MyFaces implementation had XSS issues at some point.

So, take the recent Rails XSS articles with a grain of salt.



 
Vyas Sanzgiri
Ranch Hand
Posts: 686
Can someone point to the article? What are some of the other web frameworks that can be used?
 
Himalay Majumdar
Ranch Hand
Posts: 324
These are the ones I know.

In alphabetical order.

Camping 1.5
Merb 1.0 RC2
Ruby on Rails 2.3.3
Sinatra 0.9.2

This link should be helpful.
 