[Cialug] OT: Ruby on Rails

Eric Junker eric at eric.nu
Wed Aug 17 09:01:09 CDT 2011


On 8/17/2011 8:34 AM, L. V. Lammert wrote:
> On Wed, Aug 17, 2011 at 7:40 AM, Stuart Thiessen <thiessenstuart at aol.com> wrote:
>
>> From recent emails, it seems that several encourage Ruby or Python over PHP
>> for security reasons. Is Ruby that much more secure? How so?
>>
> The choice many times isn't Ruby vs. Python, rather Rails vs. [a Python
> Framework] or CakePHP. Modern web applications require sophisticated
> structure on the server to enable managing an application, and the
> Framework provides the structure and tools to make that happen:

Yes, that is an important distinction to keep in mind. PHP, Python and 
Ruby are programming languages and Rails, Django, CakePHP, etc. are web 
frameworks.

If security is important to you then I think which web framework you use 
would be more of a concern than the programming language.

A good web framework will handle the common security issues for you. For 
example, SQL injection is mostly not an issue if you are using an ORM so 
that you don't have to write SQL. XSS is minimized by using a templating 
system that automatically escapes/sanitizes variables before they are 
used in your views. And CSRF is prevented by having a form handling 
system that adds an authenticity token to your forms. Most frameworks 
also have pre-built libraries for authentication and authorization.

If you are interested in learning a bit of Ruby on Rails I would suggest 
taking a look at Rails for Zombies http://railsforzombies.org/

Eric
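Two of the framework protections Eric describes, as an added Ruby example (not code from this thread or from Rails itself): output escaping of the kind a templating system applies to every interpolated value, and a per-session authenticity token that is embedded in a form and verified with a constant-time comparison before the submission is accepted. Function names are hypothetical; ERB::Util.html_escape and SecureRandom come from the Ruby standard library.

```ruby
require 'erb'
require 'securerandom'

# Output escaping, as a template engine does for every <%= %> value:
# untrusted input is rendered as text, never interpreted as markup.
def escape_html(text)
  ERB::Util.html_escape(text.to_s)
end

def render_comment(author, body)
  "<p><b>#{escape_html(author)}</b>: #{escape_html(body)}</p>"
end

# CSRF protection modelled on an authenticity token: one random value per
# session, embedded in every form and required on every state-changing POST.
def csrf_token(session)
  session[:csrf_token] ||= SecureRandom.hex(32)
end

def render_form(session, action)
  token = csrf_token(session)
  "<form method=\"post\" action=\"#{escape_html(action)}\">" \
    "<input type=\"hidden\" name=\"authenticity_token\" value=\"#{token}\">" \
    "<input type=\"text\" name=\"body\"><input type=\"submit\"></form>"
end

# Constant-time comparison so a mismatch does not leak how many bytes matched.
def secure_equal?(a, b)
  return false if a.nil? || b.nil? || a.bytesize != b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# The check a framework runs before dispatching a form submission.
def valid_csrf?(session, params)
  secure_equal?(session[:csrf_token], params['authenticity_token'])
end

if __FILE__ == $PROGRAM_NAME
  session = {}                                   # constructed stand-in for a user session
  puts render_form(session, '/comments')
  puts render_comment('Mallory', '<script>alert(1)</script>')   # tags become entities
  p valid_csrf?(session, 'authenticity_token' => session[:csrf_token])  # true
  p valid_csrf?(session, 'authenticity_token' => 'forged')               # false
end
```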
