[Cialug] OT: Ruby on Rails

David W. Body davidbody at bigcreek.com
Wed Aug 17 13:03:09 CDT 2011


Everyone,

User groups can be a good resource for anyone new to a particular technology.
Check out any of the following very active user groups:

Iowa Ruby Brigade <http://www.iowaruby.org/>

Iowa Python Users Group <http://www.pyowa.org/>

Des Moines Web Geeks <http://www.dsmwebgeeks.com/>

--David

On Wed, Aug 17, 2011 at 11:28 AM, Stuart Thiessen <thiessenstuart at aol.com> wrote:

> Thanks, everyone, for your comments. The clarification of framework vs.
> language was helpful. Now, I'm exploring whether it would be best for me to
> pursue Rails or CakePHP.
>
> Thanks,
>
> Stuart
>
> On Aug 17, 2011, at 10:13 , Matthew Nuzum wrote:
>
> On Wed, Aug 17, 2011 at 7:40 AM, Stuart Thiessen <thiessenstuart at aol.com> wrote:
>
>> From recent emails, it seems that several encourage Ruby or Python over
>> PHP for security reasons. Is Ruby that much more secure? How so?
>>
>> I work with a few websites for organizations I am a part of. So far, I
>> have used PHP for most of what I have worked with. I just noticed that our
>> provider (which previously only had Perl and PHP) now has Ruby available. I
>> wish they had Python, but apparently not yet. So ... as someone who knows
>> Perl, PHP, and Python, do any of you have suggestions on how I can leverage
>> those skills to help me learn Ruby? I glanced at it once, but didn't pursue
>> it because it wasn't available as a language our provider installed. What
>> kinds of relearning did you experience with Ruby? Any best tutorials, books,
>> or other resources for learning Ruby? I plan to do some googling today, but
>> I also prefer to find out what others have experienced too.
>>
>
> Two different types of answers that work together here.
>
> 1. PHP has a bad rap from the security industry because the docs have in
> the past encouraged some poor programming practices and the security team,
> instead of releasing security-only fixes, includes security fixes along with
> feature enhancements rolled together in the same release. Therefore if
> you're using PHP 4.3.2 and you've tested your software with it and you know
> it works, then a security prob pops up you have to upgrade to 4.3.3 which
> may change the way your software works and possibly break it. This makes
> people unhappy and security pros tend to have to do a lot more work
> backporting patches to stable versions.
>
> 2. PHP is low level. There's no templating built in, there's no
> abstraction, there's no built in protections to prevent you from shooting
> yourself in the foot. If you build an app from scratch, which often means
> building a framework of your own (even if it's just loosely throwing smarty
> and adodb and a few other pieces together) there is no one looking out for
> the security and functionality of the end product but you.
>
> Contrast that to Rails and Django (and Cake PHP or Code Igniter in the PHP
> world) and you've got a whole team of people looking out for the security of
> the underlying framework of your app. You'd probably use their
> authentication system which uses password hashing, their ORM which provides
> SQL injection protection, their form library which includes CSRF protection.
> These are things then that provide a thick layer of security, often with
> numerous developers and security professionals scrutinizing carefully.
>
> You do have to keep your framework up to date though. I strongly suggest
> subscribing to the announcement list for your framework so that you get
> instant notices when updates are available. Many will explain how serious
> the need is to update. If you use add-ons then you should subscribe to their
> announcement list too, and think carefully about using add-ons that don't
> take seriously the task of keeping people informed. Also, I don't suggest
> you install Rails or Django (or any framework) from your Linux
> distribution's package manager. It will be old and out of date and you'll be
> at the mercy of whoever the maintainer is. In Ubuntu, for example, you may
> have to install from Universe and there is no promise that you'll get timely
> updates.
>
> Now about learning a framework, you should tell us how you learn. Do you
> like books, videos, instructor training? Also, do you want to learn a new
> language or would you like to try out frameworks in PHP? If you want to
> stick with PHP then consider Cake, which is a Rails-like tool (i.e. follow
> the conventions, get a lot for free) or Code Igniter which gives you a pile
> of highly reusable tools that you stack together like legos. They're both
> great choices and you should consider them along with Django and Rails if
> you decide to make a change.
>
> --
> Matthew Nuzum
> newz2000 on freenode, skype, linkedin and twitter
>
>
> ♫ You're never fully dressed without a smile! ♫
>
>
> _______________________________________________
> Cialug mailing list
> Cialug at cialug.org
> http://cialug.org/mailman/listinfo/cialug
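Two of the framework-provided protections Matthew lists above (password hashing in the authentication system and CSRF tokens in the form library), written out in plain Ruby as an added illustration; this is not code from the thread or from Rails, and the iteration count and the hash-string layout are assumptions chosen for the example.

```ruby
require "openssl"
require "securerandom"

# Added illustration (not from the thread): what a framework's
# authentication system and form helpers do for you under the hood.

PBKDF2_ITERATIONS = 100_000 # assumption: raise as hardware allows

# Hash a password with a fresh random salt. Store the returned string;
# the salt and iteration count travel with the digest so verification
# can recompute it later.
def hash_password(password)
  salt = SecureRandom.hex(16)
  digest = OpenSSL::PKCS5.pbkdf2_hmac(password, salt, PBKDF2_ITERATIONS, 32,
                                      OpenSSL::Digest.new("SHA256"))
  "pbkdf2-sha256$#{PBKDF2_ITERATIONS}$#{salt}$#{digest.unpack1('H*')}"
end

# Constant-time comparison: the time taken does not depend on how many
# leading bytes matched, so it leaks nothing about the expected value.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

def verify_password(password, stored)
  _algo, iters, salt, hex = stored.split("$")
  candidate = OpenSSL::PKCS5.pbkdf2_hmac(password, salt, iters.to_i, 32,
                                         OpenSSL::Digest.new("SHA256"))
  secure_equal?(candidate.unpack1("H*"), hex)
end

# CSRF: the server keeps one random token per session (here a plain Hash
# stands in for the session store), embeds it in every form it renders,
# and rejects a state-changing request whose token does not match.
def csrf_token_for(session)
  session[:csrf_token] ||= SecureRandom.urlsafe_base64(32)
end

def valid_csrf?(session, submitted)
  expected = session[:csrf_token]
  return false if expected.nil? || submitted.nil?
  secure_equal?(expected, submitted)
end
```

A token minted for one session is rejected by another, which is what stops a third-party page from forging a submission on a logged-in user's behalf.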