[Brug-talk] using RoR for a "serious" site: how about security and performance ?
Peter Vandenabeele
peter at vandenabeele.com
Fri Aug 10 13:16:05 EDT 2007
Hi,

I am Peter Vandenabeele and new to RoR. If I would build a
site that would contain confidential data (e.g. a list of users,
trusting me to not leak info like e.g. their e-mail addresses,
real name, ...) and the site needs to process a large number
of hits, would RoR then be a good candidate ?

On the security side for Web applications, a lot of issues need
to be taken into account: cross site scripting, SQL injection,
session cookies, etc. etc. How mature is RoR on the security
side for "serious" applications? How fast are security problems
resolved ? Do we know of security flaws that were exploited ?
How does RoR compare against other common server
technologies like Java and PHP ?

On the performance side, Ruby is a scripting language, but
do I understand correctly that e.g. JRuby and other initiatives
may allow faster execution ? Does Ruby also offer things like
"hot spot" run-time compilers etc. ? Or is performance
already better than other technologies, so this is a non-issue ?

Actually, do we know publicly in which server technologies
really big sites like LinkedIn, Xing, Spock and closer to home,
netlog, are built ?

Do we know of large cases of publicly accessible sites, containing
sensitive data, that _are_ built in RoR ? This list:
http://www.workingwithrails.com/browse/sites/country/Belgium
was not that reassuring ... (might make sense to list a few more
Belgian RoR projects there). And even on this list,
http://www.workingwithrails.com/browse/sites/country/United+States
I did not immediately recognize large names (but that may just be me).

Thanks a lot for any comments,

Peter
--
Peter Vandenabeele
http://www.vandenabeele.com/
http://www.linkedin.com/in/petervandenabeele/
http://www.taximize.be/
http://del.icio.us/petervandenabeele