Hi,<br><br>Around security, be sure to check out: <a href="http://www.quarkruby.com/2007/9/20/ruby-on-rails-security-guide">http://www.quarkruby.com/2007/9/20/ruby-on-rails-security-guide</a> and <a href="http://www.rorsecurity.info/ruby-on-rails-security-cheatsheet/">
http://www.rorsecurity.info/ruby-on-rails-security-cheatsheet/</a> <br><br>The first link contains tons of info. It focuses on Rails but is applicable to all database-driven websites: SQL injection can happen everywhere and requires a developer to be alert each and every time he/she writes a query based upon input from the user. Same with cross-site scripting: if you allow your users to enter script tags in your forms and you render this without proper escaping, you have a security issue, regardless of whether you use PHP, Rails or Java... Same for password encryption and so on...
<br><br>With regard to scalability and what the larger websites of this world run on, a recent article I came across talks about this. <a href="http://royal.pingdom.com/?p=173">http://royal.pingdom.com/?p=173</a><br><br>
An interesting read on scaling a large rails app can be found here <a href="http://poocs.net/2006/3/13/the-adventures-of-scaling-stage-1">http://poocs.net/2006/3/13/the-adventures-of-scaling-stage-1</a><br><br>Regards,<br>
Nick.<br><br><div><span class="gmail_quote">On 10/3/07, <b class="gmail_sendername">Peter De Berdt (10-forward)</b> <<a href="mailto:peter@10-forward.be">peter@10-forward.be</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div style=""><br><div><span class="q"><div>On 10 Aug 2007, at 19:16, Peter Vandenabeele wrote:</div><br><blockquote type="cite"><p style="margin: 0px;"><font style="font-family: Helvetica; font-style: normal; font-variant: normal; font-weight: normal; font-size: 12px; line-height: normal; font-size-adjust: none; font-stretch: normal;" face="Helvetica" size="3">
I am Peter Vandenabeele and new to RoR. If I would build a</font></p> <p style="margin: 0px;"><font style="font-family: Helvetica; font-style: normal; font-variant: normal; font-weight: normal; font-size: 12px; line-height: normal; font-size-adjust: none; font-stretch: normal;" face="Helvetica" size="3">
site that would contain confidential data (e.g. a list of users,</font></p> <p style="margin: 0px;"><font style="font-family: Helvetica; font-style: normal; font-variant: normal; font-weight: normal; font-size: 12px; line-height: normal; font-size-adjust: none; font-stretch: normal;" face="Helvetica" size="3">
trusting me to not leak info like e.g. their e-mail addresses,</font></p> <p style="margin: 0px;"><font style="font-family: Helvetica; font-style: normal; font-variant: normal; font-weight: normal; font-size: 12px; line-height: normal; font-size-adjust: none; font-stretch: normal;" face="Helvetica" size="3">
real name, ...) and the site needs to process a large number</font></p> <p style="margin: 0px;"><font style="font-family: Helvetica; font-style: normal; font-variant: normal; font-weight: normal; font-size: 12px; line-height: normal; font-size-adjust: none; font-stretch: normal;" face="Helvetica" size="3">
of hits, would RoR then be a good candidate ?</font></p></blockquote><div><br></div></span><div>Sure, I've found Rails applications to be nicely scalable and optimizable, and you can do it when there's a need:</div>
<div>• Caching</div><div>• Balancing (e.g. database on one server, web servers on another, …)</div><div>• Memcache for even more speed</div><span class="q"><div>• …</div><br><blockquote type="cite"> <p style="margin: 0px;">
<font style="font-family: Helvetica; font-style: normal; font-variant: normal; font-weight: normal; font-size: 12px; line-height: normal; font-size-adjust: none; font-stretch: normal;" face="Helvetica" size="3">On the security side for Web applications, a lot of issues need
</font></p> <p style="margin: 0px;"><font style="font-family: Helvetica; font-style: normal; font-variant: normal; font-weight: normal; font-size: 12px; line-height: normal; font-size-adjust: none; font-stretch: normal;" face="Helvetica" size="3">
to be taken into account: cross site scripting, SQL injection,</font></p> <p style="margin: 0px;"><font style="font-family: Helvetica; font-style: normal; font-variant: normal; font-weight: normal; font-size: 12px; line-height: normal; font-size-adjust: none; font-stretch: normal;" face="Helvetica" size="3">
session cookies, etc. etc. How mature is RoR on the security</font></p> <p style="margin: 0px;"><font style="font-family: Helvetica; font-style: normal; font-variant: normal; font-weight: normal; font-size: 12px; line-height: normal; font-size-adjust: none; font-stretch: normal;" face="Helvetica" size="3">
side for "serious" applications? How fast are security problems</font></p> <p style="margin: 0px;"><font style="font-family: Helvetica; font-style: normal; font-variant: normal; font-weight: normal; font-size: 12px; line-height: normal; font-size-adjust: none; font-stretch: normal;" face="Helvetica" size="3">
resolved ? Do we know of security flaws that were exploited ?</font></p> <p style="margin: 0px;"><font style="font-family: Helvetica; font-style: normal; font-variant: normal; font-weight: normal; font-size: 12px; line-height: normal; font-size-adjust: none; font-stretch: normal;" face="Helvetica" size="3">
How does RoR compare against other common server</font></p> <p style="margin: 0px;"><font style="font-family: Helvetica; font-style: normal; font-variant: normal; font-weight: normal; font-size: 12px; line-height: normal; font-size-adjust: none; font-stretch: normal;" face="Helvetica" size="3">
technologies like Java and PhP ?</font></p></blockquote><div><br></div></span><div>Java and PHP are just as vulnerable to the security issues you are mentioning. That said, if you follow proper procedure like escaping the data from the database in your views etc., Rails is very secure. It has everything in it for you to make sure security is tight. The Agile Web Development with Rails book has a chapter on these issues.
</div><span class="q"><br><blockquote type="cite"> <p style="margin: 0px;"><font style="font-family: Helvetica; font-style: normal; font-variant: normal; font-weight: normal; font-size: 12px; line-height: normal; font-size-adjust: none; font-stretch: normal;" face="Helvetica" size="3">
On the performance side, Ruby is a scripting language, but</font></p> <p style="margin: 0px;"><font style="font-family: Helvetica; font-style: normal; font-variant: normal; font-weight: normal; font-size: 12px; line-height: normal; font-size-adjust: none; font-stretch: normal;" face="Helvetica" size="3">
do I understand correctly that e.g. JRuby and other initiatives</font></p> <p style="margin: 0px;"><font style="font-family: Helvetica; font-style: normal; font-variant: normal; font-weight: normal; font-size: 12px; line-height: normal; font-size-adjust: none; font-stretch: normal;" face="Helvetica" size="3">
may allow faster execution ? Does Ruby also offer things like</font></p> <p style="margin: 0px;"><font style="font-family: Helvetica; font-style: normal; font-variant: normal; font-weight: normal; font-size: 12px; line-height: normal; font-size-adjust: none; font-stretch: normal;" face="Helvetica" size="3">
"hot spot" run-time compilers etc. ? Or is performance</font></p> <p style="margin: 0px;"><font style="font-family: Helvetica; font-style: normal; font-variant: normal; font-weight: normal; font-size: 12px; line-height: normal; font-size-adjust: none; font-stretch: normal;" face="Helvetica" size="3">
already better than other technologies, so this is a non-issue ?</font></p></blockquote><div><br></div></span><div>Ruby (current version) is slower at certain things than some other languages out there, but it develops a lot faster and is easily maintainable. With the performance of computers nowadays and the fact that most of the time to process a request is spent in the database queries, I consider this a non-issue.
</div><span class="q"><br><blockquote type="cite"> <p style="margin: 0px;"><font style="font-family: Helvetica; font-style: normal; font-variant: normal; font-weight: normal; font-size: 12px; line-height: normal; font-size-adjust: none; font-stretch: normal;" face="Helvetica" size="3">
Actually, do we know publicly in which server technologies,</font></p> <p style="margin: 0px;"><font style="font-family: Helvetica; font-style: normal; font-variant: normal; font-weight: normal; font-size: 12px; line-height: normal; font-size-adjust: none; font-stretch: normal;" face="Helvetica" size="3">
really big sites like LinkedIn, Xing, Spock and closer to home,</font></p> <p style="margin: 0px;"><font style="font-family: Helvetica; font-style: normal; font-variant: normal; font-weight: normal; font-size: 12px; line-height: normal; font-size-adjust: none; font-stretch: normal;" face="Helvetica" size="3">
netlog, are built ?</font></p></blockquote><div><br></div></span><div>Could be just about anything, but it shouldn't matter to you. It's important you use the language and framework you feel good about, and Rails development does that for me.
</div><span class="q"><br><blockquote type="cite"> <p style="margin: 0px;"><font style="font-family: Helvetica; font-style: normal; font-variant: normal; font-weight: normal; font-size: 12px; line-height: normal; font-size-adjust: none; font-stretch: normal;" face="Helvetica" size="3">
Do we know of large cases of publicly accessible sites, containing</font></p> <p style="margin: 0px;"><font style="font-family: Helvetica; font-style: normal; font-variant: normal; font-weight: normal; font-size: 12px; line-height: normal; font-size-adjust: none; font-stretch: normal;" face="Helvetica" size="3">
sensitive data that _are_ built in RoR. This list:</font></p> <p style="margin: 0px; font-family: Helvetica; font-style: normal; font-variant: normal; font-weight: normal; font-size: 12px; line-height: normal; font-size-adjust: none; font-stretch: normal; min-height: 14px;">
<br></p> <p style="margin: 0px;"><font style="font-family: Helvetica; font-style: normal; font-variant: normal; font-weight: normal; font-size: 12px; line-height: normal; font-size-adjust: none; font-stretch: normal;" face="Helvetica" size="3">
<span> </span><a href="http://www.workingwithrails.com/browse/sites/country/Belgium" target="_blank">http://www.workingwithrails.com/browse/sites/country/Belgium</a>
</font></p> <p style="margin: 0px; font-family: Helvetica; font-style: normal; font-variant: normal; font-weight: normal; font-size: 12px; line-height: normal; font-size-adjust: none; font-stretch: normal; min-height: 14px;">
<br></p> <p style="margin: 0px;"><font style="font-family: Helvetica; font-style: normal; font-variant: normal; font-weight: normal; font-size: 12px; line-height: normal; font-size-adjust: none; font-stretch: normal;" face="Helvetica" size="3">
was not that reassuring ... (might make sense to list a little more</font></p> <p style="margin: 0px;"><font style="font-family: Helvetica; font-style: normal; font-variant: normal; font-weight: normal; font-size: 12px; line-height: normal; font-size-adjust: none; font-stretch: normal;" face="Helvetica" size="3">
Belgian RoR projects there). And even on this list,</font></p> <p style="margin: 0px; font-family: Helvetica; font-style: normal; font-variant: normal; font-weight: normal; font-size: 12px; line-height: normal; font-size-adjust: none; font-stretch: normal; min-height: 14px;">
<br></p> <p style="margin: 0px;"><font style="font-family: Helvetica; font-style: normal; font-variant: normal; font-weight: normal; font-size: 12px; line-height: normal; font-size-adjust: none; font-stretch: normal;" face="Helvetica" size="3">
<span> </span><a href="http://www.workingwithrails.com/browse/sites/country/United+States" target="_blank">http://www.workingwithrails.com/browse/sites/country/United+States
</a></font></p> <p style="margin: 0px; font-family: Helvetica; font-style: normal; font-variant: normal; font-weight: normal; font-size: 12px; line-height: normal; font-size-adjust: none; font-stretch: normal; min-height: 14px;">
<br></p> <p style="margin: 0px;"><font style="font-family: Helvetica; font-style: normal; font-variant: normal; font-weight: normal; font-size: 12px; line-height: normal; font-size-adjust: none; font-stretch: normal;" face="Helvetica" size="3">
I did not immediately recognize large names (but that may just be me).</font></p> </blockquote></span></div><br> <span style="border-collapse: separate; border-spacing: 0px; color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">
<p style="margin: 0px; font-family: Helvetica; font-style: normal; font-variant: normal; font-weight: normal; font-size: 12px; line-height: normal; font-size-adjust: none; font-stretch: normal; min-height: 14px;">37signals and twitter are well known if you ask me.
<br></p></span><div><span style="border-collapse: separate; border-spacing: 0px; color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">
<div><br></div><div style="margin: 0px;">Best regards.</div><div style="margin: 0px; min-height: 14px;"><br></div><div style="margin: 0px; min-height: 14px;"><br></div><div style="margin: 0px;">Peter De Berdt</div><div style="margin: 0px;">
Research & Development</div><div style="margin: 0px;">Software Expert</div><div style="margin: 0px; min-height: 14px;"><br></div><div style="margin: 0px;">______________________</div><div style="margin: 0px;"><b style="font-weight: bold;">
<span style="font-weight: bold;">10-forward</span></b></div><div style="margin: 0px;">Zwarteweg 28</div><div style="margin: 0px;">B-8433 Middelkerke<span> </span></div><div style="margin: 0px;">Mobile : (0473) 38 35 86</div>
<div style="margin: 0px;"><a href="mailto:info@10-forward.be" target="_blank">info@10-forward.be</a></div><div style="margin: 0px;"><a href="http://www.10-forward.be" target="_blank">
http://www.10-forward.be</a></div><div style="margin: 0px;">______________________</div><div style="margin: 0px;"><br></div><br></span> </div><br></div><br>_______________________________________________<br>Brug-talk mailing list
<br><a href="mailto:Brug-talk@rubyforge.org">Brug-talk@rubyforge.org</a><br><a href="http://rubyforge.org/mailman/listinfo/brug-talk" target="_blank">
http://rubyforge.org/mailman/listinfo/brug-talk</a><br><br></blockquote></div><br>
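Nick's point about SQL injection and cross-site scripting, and Peter's remark that Rails is secure if you escape data in your views, come down to one rule: text from the user is data, never query syntax or markup. The Ruby below is an added example, not code from either poster, from the Brug-talk thread or from Rails itself. It shows the vulnerable pattern next to the hardened one for both cases. `bind_sql` and `quote_value` are a simplified, hypothetical stand-in for ActiveRecord's `?` parameter binding (a real application should use the framework's binding, not this helper), `quotes_balanced?` is a diagnostic for this demo only and not a defence, and the view side uses `ERB::Util.html_escape` from the Ruby standard library. The sample login `O'Brien` is a constructed input: a legitimate name whose apostrophe breaks the interpolated query.

```ruby
require 'erb'

# --- SQL: string interpolation vs. bound parameters ---

# Vulnerable pattern: the login is spliced straight into the SQL text,
# so any quote character in it alters the structure of the statement.
def user_lookup_unsafe(login)
  "SELECT * FROM users WHERE login = '#{login}'"
end

# Hypothetical, simplified stand-in for ActiveRecord's "?" binding
# (sanitize_sql_array). Each value is quoted so it can only be data.
def quote_value(value)
  case value
  when Integer then value.to_s
  when nil     then 'NULL'
  else "'" + value.to_s.gsub("'", "''") + "'"
  end
end

def bind_sql(template, *values)
  unless template.count('?') == values.size
    raise ArgumentError, 'placeholder/value count mismatch'
  end
  remaining = values.dup
  template.gsub('?') { quote_value(remaining.shift) }
end

# Hardened pattern: the same query, login passed as a bound value.
def user_lookup_safe(login)
  bind_sql('SELECT * FROM users WHERE login = ?', login)
end

# Diagnostic for this demo only (NOT a defence): an odd number of
# single quotes means the interpolated input broke the statement.
def quotes_balanced?(sql)
  sql.count("'").even?
end

# --- Views: rendering user-supplied text ---

# Vulnerable pattern: the comment body lands in the page unescaped,
# so a <script> tag in it runs in every reader's browser.
def render_comment_unsafe(body)
  "<p>#{body}</p>"
end

# Hardened pattern: html_escape turns <, >, & and quotes into entities,
# so the body is displayed as text (Rails' h() helper does the same).
def render_comment_safe(body)
  "<p>#{ERB::Util.html_escape(body)}</p>"
end

if __FILE__ == $PROGRAM_NAME
  login = "O'Brien"                        # constructed sample input
  puts user_lookup_unsafe(login)           # stray quote, broken statement
  puts user_lookup_safe(login)             # quote doubled, still one literal
  comment = '<script>alert(1)</script>'    # constructed sample input
  puts render_comment_unsafe(comment)      # script tag reaches the browser
  puts render_comment_safe(comment)        # rendered as inert text
end
```

Run it with `ruby sql_xss_demo.rb`: the unsafe lookup prints a statement with three single quotes, the safe one a statement with a doubled quote inside one string literal, and only the unescaped view still contains a live `<script>` tag.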