[Cialug] OT: Ruby on Rails
Eric Junker
eric at eric.nu
Wed Aug 17 09:01:09 CDT 2011
On 8/17/2011 8:34 AM, L. V. Lammert wrote:
> On Wed, Aug 17, 2011 at 7:40 AM, Stuart Thiessen <thiessenstuart at aol.com> wrote:
>
>> From recent emails, it seems that several encourage Ruby or Python over PHP
>> for security reasons. Is Ruby that much more secure? How so?
>>
> The choice many times isn't Ruby vs. Python, rather Rails vs. [a Python
> Framework] or CakePHP. Modern web applications require sophisticated
> structure on the server to enable managing an application, and the
> Framework provides the structure and tools to make that happen:
Yes, that is an important distinction to keep in mind. PHP, Python and
Ruby are programming languages and Rails, Django, CakePHP, etc. are web
frameworks.
If security is important to you, then I think which web framework you use
would be more of a concern than the programming language.
A good web framework will handle the common security issues for you. For
example, SQL injection is mostly not an issue if you are using an ORM so
that you don't have to write SQL. XSS is minimized by using a templating
system that automatically escapes/sanitizes variables before they are
used in your views. And CSRF is prevented by having a form handling
system that adds an authenticity token to your forms. Most frameworks
also have pre-built libraries for authentication and authorization.
If you are interested in learning a bit of Ruby on Rails, I would suggest
taking a look at Rails for Zombies: http://railsforzombies.org/
Eric
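The three framework-level defences Eric lists (parameterised queries instead of hand-written SQL, auto-escaping views, and a per-session authenticity token checked on every form post) shown in plain Ruby, as an added example that is not from the thread or from Rails itself; the function names, the constant-time `secure_compare` helper and the placeholder query are assumptions for illustration and use only the standard library.

```ruby
# Added example (not from the Cialug thread or Rails): the defences a web
# framework supplies, reduced to plain-Ruby stdlib so they run stand-alone.
require 'erb'
require 'securerandom'

# --- SQL injection: parameterised queries -------------------------------
# An ORM hands the driver the SQL text and the bind values separately, so
# user input is never spliced into the statement. This returns that pair.
def find_user_by_name_query(name)
  ['SELECT * FROM users WHERE name = ?', [name]]
end

# --- XSS: auto-escaping templates ---------------------------------------
# A view helper that escapes every interpolated value, as an auto-escaping
# template engine does. ERB::Util.html_escape encodes & < > " and '.
def render_comment(author, body)
  "<p><b>#{ERB::Util.html_escape(author)}</b>: #{ERB::Util.html_escape(body)}</p>"
end

# --- CSRF: authenticity token --------------------------------------------
# The server mints a random token, stores it in the session and embeds it
# in each form; a state-changing request is accepted only if the submitted
# token matches the session copy (compared in constant time).
def new_authenticity_token
  SecureRandom.hex(32) # 256 bits of randomness, hex-encoded
end

def hidden_token_field(token)
  %(<input type="hidden" name="authenticity_token" value="#{ERB::Util.html_escape(token)}">)
end

# Constant-time equality: XOR every byte pair and OR the results together,
# so the time taken does not depend on where the first difference is.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

def verified_request?(session_token, form_token)
  return false if session_token.nil? || form_token.nil?
  secure_compare(session_token, form_token)
end
```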