security and other aspects

Geetha Ram
Greenhorn

Joined: Mar 20, 2008
Posts: 6
Hi Peter Cooper,

Has Ruby completely evolved?

I am as much a fan of Ruby and trying to shift my career towards Ruby. But I sometimes am concerned whether Ruby has evolved completely... or at least the Rails framework.

Because recently I heard there is a security vulnerability (XSS) in the Rails framework...

So, is it on par with Java and other frameworks?

Thanks,
--Jyothsna


Peter Cooper
Author
Greenhorn

Joined: Jul 17, 2009
Posts: 25
I am as much a fan of Ruby and trying to shift my career towards Ruby. But I sometimes am concerned whether Ruby has evolved completely... or at least the Rails framework.

Because recently I heard there is a security vulnerability (XSS) in the Rails framework...

So, is it on par with Java and other frameworks?


Firstly, as you seem to be aware, Rails isn't the be-all and end-all of Ruby Web application development, but... it is the most popular method, still.

Regarding the XSS vulnerability, there have been some concerns over the Rails team's handling of security issues recently but they seem to be picking up on it. I can't speak for Java frameworks but PHP frameworks and apps seem to have as many, if not more, security issues - consider the widespread WordPress attack this week. PHP also has had, over the years, a lot of attack vectors which led to the popularity of safe mode.

I'd say you hear more about potential issues in Rails now because people seem to like talking about Rails a lot for some reason, Rails has quite a big share in terms of new projects right now, and there are some people who are very keen to spread bad news about Rails, whereas these sorts of security issues are not really broadcast with other systems.


Author of Beginning Ruby (Apress): http://bit.ly/t31ag
Editor of Ruby Inside and RubyFlow
Geetha Ram
Greenhorn

Joined: Mar 20, 2008
Posts: 6
Thanks Peter for the quick and appropriate reply.
Michael Sullivan
Ranch Hand

Joined: Dec 26, 2003
Posts: 235
I read the article on the Rails XSS vulnerability. I also saw that by the time the article hit the streets, the patch was available. Contrast this to other frameworks which don't offer any XSS safety, leaving it entirely to the developer to handle.

What you have to keep in mind is that Rails, and by proxy Ruby, get a lot of press for being upstart competitors to the corporeal twins (.NET and Java) and their associated frameworks. I'd focus on how many Rails clones there are (many), and why many high-profile organizations and individuals support the Ruby language.

The article in question took one incident and blew it out of proportion. Would we ever say, "If Java or ANY of its frameworks EVER have a security issue... stop using them, and stop using all sites made with them"?

If so, you might not want to use Struts.
Hmmn.... JSF seems to also have had issues in the past.
Even the MyFaces implementation had XSS issues at some point.

So, take the recent Rails XSS articles with a grain of salt.



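Michael's point above, that some frameworks leave output escaping entirely to the developer, is easy to see in plain Ruby. This is an added example, not code from any poster or from Rails itself: it uses only the ERB library from the Ruby standard library, a constructed sample comment as the untrusted input, and ERB::Util.html_escape (the same call Rails' h helper wraps) to contrast a template that forgets to escape with one that does.

```ruby
require 'erb'

# Constructed sample input: a comment submitted by a site visitor,
# treated as attacker-controlled. The tag is the classic XSS test string.
UNTRUSTED_COMMENT = '<script>alert(1)</script> nice post!'

# Template with no automatic escaping: the developer is expected to call
# h() on every value, and here has forgotten to. This is the vulnerable form.
UNESCAPED_TEMPLATE = ERB.new('<p><%= comment %></p>')

# Same template with the value passed through ERB::Util.html_escape,
# which turns <, >, &, " and ' into HTML entities so the browser shows
# the text instead of executing it.
ESCAPED_TEMPLATE = ERB.new('<p><%= ERB::Util.html_escape(comment) %></p>')

# Render the untrusted value straight into the page (unsafe).
def render_unescaped(comment)
  UNESCAPED_TEMPLATE.result_with_hash(comment: comment)
end

# Render the untrusted value with explicit escaping (safe).
def render_escaped(comment)
  ESCAPED_TEMPLATE.result_with_hash(comment: comment)
end

# Defender-side regression check: does any raw tag from the untrusted
# input survive verbatim in the rendered HTML? True means the page
# would hand the visitor's markup to the browser unchanged.
def leaks_markup?(rendered, untrusted)
  untrusted.scan(/<[^>]+>/).any? { |tag| rendered.include?(tag) }
end

if __FILE__ == $PROGRAM_NAME
  puts "unescaped: #{render_unescaped(UNTRUSTED_COMMENT)}"
  puts "escaped:   #{render_escaped(UNTRUSTED_COMMENT)}"
  puts "leak without escaping? #{leaks_markup?(render_unescaped(UNTRUSTED_COMMENT), UNTRUSTED_COMMENT)}"
  puts "leak with escaping?    #{leaks_markup?(render_escaped(UNTRUSTED_COMMENT), UNTRUSTED_COMMENT)}"
end
```

A check like leaks_markup? run against rendered views in a test suite catches the forgotten h() call regardless of which framework version is in use.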
Vyas Sanzgiri
Ranch Hand

Joined: Jun 16, 2007
Posts: 686

Can someone point to the article? What are some of the other web frameworks that can be used?


===Vyas Sanzgiri===
My Blog
Himalay Majumdar
Ranch Hand

Joined: Sep 28, 2008
Posts: 324
These are the ones I know.

In alphabetical order.

Camping 1.5
Merb 1.0 RC2
Ruby on Rails 2.3.3
Sinatra 0.9.2

This link should be helpful.

SCJP 1.6, SCWCD 5.0, SCBCD 5.0 [loading..]