[Cialug] OT: Ruby on Rails
Josh More
MoreJ at alliancetechnologies.net
Wed Aug 17 08:30:59 CDT 2011
Ruby and Python are generally more secure than PHP. However, there are some caveats:
1) A highly skilled PHP dev/admin will generally create a more secure system than a poorly skilled Ruby or Python dev/admin.
2) The more modules that you have loaded, the greater your risk exposure.
3) The lazier you are about applying updates, the greater your risk exposure.
Practically speaking, I advocate using Drupal with a minimal set of modules. Run it on a LAMP stack with Mod_Security2, PHP-Suhosin and AppArmor. Update it at least once a week. If you do this, you'll be more secure than the common Ruby and Python apps out there.
Josh More | Senior Security Consultant - CISSP, GIAC-GSLC Gold, GIAC-GCIH
Alliance Technologies | www.AllianceTechnologies.net
400 Locust St., Suite 840 | Des Moines, IA 50309
515.245.7701 | 888.387.5670 x7701
Blog: Public attacks are on the rise. Are you protecting yourself?
http://www.alliancetechnologies.net/blogs/morej
How are we doing? Let us know here:
http://www.alliancetechnologies.net/forms/alliance-technologies-feedback-survey
________________________________________
From: cialug-bounces at cialug.org [cialug-bounces at cialug.org] on behalf of Stuart Thiessen [thiessenstuart at aol.com]
Sent: Wednesday, August 17, 2011 07:40
To: cialug at cialug.org
Subject: [Cialug] OT: Ruby on Rails
From recent emails, it seems that several encourage Ruby or Python over PHP for security reasons. Is Ruby that much more secure? How so?
I work with a few websites for organizations I am a part of. So far, I have used PHP for most of what I have worked with. I just noticed that our provider (which previously only had Perl and PHP) now has Ruby available. I wish they had Python, but apparently not yet. So ... as someone who knows Perl, PHP, and Python, do any of you have suggestions on how I can leverage those skills to help me learn Ruby? I glanced at it once, but didn't pursue it because it wasn't available as a language our provider installed. What kinds of relearning did you experience with Ruby? Any best tutorials, books, or other resources for learning Ruby? I plan to do some googling today, but I also prefer to find out what others have experienced too.
Thanks,
Stuart
_______________________________________________
Cialug mailing list
Cialug at cialug.org
http://cialug.org/mailman/listinfo/cialug