info-WnMY9/67OiaRzhckbKSi8wC/G2K4zDHf@public.gmane.org
2005-May-24 00:24 UTC
Newbie to Ruby
Hi

I've read about Ruby on Rails. How does it compare to PHP? I'm currently trying to get up to speed with JSP2/Servlets but I've been told that PHP is more suitable for small jobs for small businesses.

With PHP I'm worried about:

1 Scalability
2 The default settings in php.ini being changed either with a new release or by the web host
3 Security

How does Ruby deal with these?

Thanks

Peter Mount
info@petermount.au.com
> 2 The default settings in php.ini being changed either with a new release or by the web host

Ruby doesn't have a ruby.ini. A well designed language doesn't need a configuration file ;-) Furthermore, ruby apps are usually run in a way that works with suexec, which means no safemode or open_basedir. There are a few things the host can configure that can break your setup (e.g. the request timeout needs to be really long if you want to handle big http file uploads; if it's too short, uploads will just time out and give no user feedback), but overall, ruby is much less prone to configuration issues than php.

> 3 Security

In my experience, the #1 security problem in php scripts is SQL injection. Granted, the problem is lessened when magic_quotes_gpc is turned on, but that's a generally poor solution because it allows you to stop thinking about escaping user data, and on those odd occasions when you have user-supplied data coming from somewhere besides get, post, and cookies, it will come back to bite you. Rails avoids all this by putting the responsibility for escaping data in ActiveRecord, which means you don't have to worry about it except on those rare occasions when you are writing your own sql queries (and even then, AR makes it easy to be safe).

I've only been using rails for six weeks now, so I'm not an expert, but those are my impressions so far.

On 5/23/05, info-WnMY9/67OiaRzhckbKSi8wC/G2K4zDHf@public.gmane.org <info-WnMY9/67OiaRzhckbKSi8wC/G2K4zDHf@public.gmane.org> wrote:
> Hi
>
> I've read about Ruby on Rails. How does it compare to PHP? I'm currently
> trying to get up to speed with JSP2/Servlets but I've been told that PHP is
> more suitable for small jobs for small businesses.
>
> With PHP I'm worried about:
>
> 1 Scalability
> 2 The default settings in php.ini being changed either with a new release
> or by the web host
> 3 Security
>
> How does Ruby deal with these?
On 5/24/05, Tyler Kiley <tyler.kiley-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> A well designed language doesn't need a
> configuration file ;-)

That's not really the case - Rails uses Configuration as code - Environment.rb being an example. Just because it's Ruby code does not mean it isn't configuration as well :-) And not needing a configuration file has very little to do with the language, and much more to do with the application.

As for security, you are less vulnerable to SQL injection attacks if you use ActiveRecord for everything - bypass active record for whatever reasons and you are of course on your own. Ruby is still vulnerable to other security flaws such as XSS and CSRF which afflict pretty much any webapp - fixes for other applications for these exploits can be used in your rails application.

As for scalability, PHP has a far better story when it comes to scaling. Rails may provide scalability of the same magnitude but there isn't as much knowledge or experience out there (better the devil you know and all that). That has to be a consideration when thinking of rolling out a rails app - at least go into it with your eyes wide open.

As a language, Ruby is nicer than PHP with more advanced language features. Its tool support from a developer standpoint is at least as limiting as PHP, so again that has to be another consideration. What Rails does give you in spades is a collection of decent APIs which all work together out of the box and give you a large amount of flexibility - with PHP you're going to have to pull these things together yourself.

--
sam
http://www.magpiebrain.com/
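The contrast drawn in the two replies above (escaping at the request boundary, as magic_quotes_gpc did, versus quoting where the query is assembled, as ActiveRecord does) as an added example that is not part of the thread and is not Rails or PHP code. All helper names are hypothetical, the payload is a constructed sample, and the literal scanner assumes a database that accepts both backslash and doubled-quote escapes, as MySQL does by default.

```ruby
# Added illustration. All helper names are hypothetical; this is not Rails or PHP code.
PAYLOAD = "x' OR '1'='1" # constructed sample value

# Emulates PHP's magic_quotes_gpc: backslash-escapes quotes, but only in
# values that arrive through GET, POST or cookies.
def magic_quotes(params)
  params.transform_values { |v| v.gsub(/['"\\]/) { |c| "\\#{c}" } }
end

# SQL built by interpolation: safe only if every caller escaped beforehand.
def interpolated_query(name)
  "SELECT * FROM users WHERE name = '#{name}'"
end

# Quoting done where the SQL is assembled, in the style of ActiveRecord's
# ["name = ?", value] conditions, so the data's origin no longer matters.
def quote(value)
  case value
  when nil     then "NULL"
  when Integer then value.to_s
  else "'" + value.to_s.gsub("\\") { "\\\\" }.gsub("'") { "''" } + "'"
  end
end

def bind(template, *values)
  unless template.count("?") == values.size
    raise ArgumentError, "placeholder/value count mismatch"
  end
  pending = values.dup
  template.gsub("?") { quote(pending.shift) }
end

# Replaces each complete string literal with "?" so what remains is the
# statement's structure; extra operators mean the data changed the query.
def structure(sql)
  sql.gsub(/'(?:[^'\\]|\\.|'')*'/m, "?")
end

if __FILE__ == $PROGRAM_NAME
  from_form   = magic_quotes("name" => PAYLOAD)["name"] # GPC path, escaped
  from_import = PAYLOAD                                 # e.g. a CSV row, never escaped
  puts structure(interpolated_query(from_form))
  puts structure(interpolated_query(from_import))
  puts structure(bind("SELECT * FROM users WHERE name = ?", from_import))
end
```

Only the second line printed gains an `OR` outside any literal: the value that never passed through the request-boundary escaping is the one that rewrites the query, while the bound version keeps the same structure whatever the source.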
On 5/25/05, Sam Newman <sam.newman-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> On 5/24/05, Tyler Kiley <tyler.kiley-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> > A well designed language doesn't need a
> > configuration file ;-)
>
> That's not really the case - Rails uses Configuration as code -
> Environment.rb being an example. Just because it's Ruby code does not
> mean it isn't configuration as well :-)

Apples and Oranges... php.ini is a configuration file that controls the behavior of the PHP language, regardless of what PHP apps you're running. Environment.rb is a configuration file that controls a few details of how the rails _framework_ operates within the webserver it's running on.

What I'm saying is, you've got one php.ini that controls php directly and influences all php apps on your server globally. environment.rb is a per-app configuration for each rails app that you're running.

I agree with the sentiment that a programming language shouldn't need a configuration file. A web framework, on the other hand, definitely needs some kind of configuration, otherwise all websites made with it would look and act pretty much identically.

Better to compare PHP with Ruby, IMHO. Rails is a framework, php is a language. Php gives you very little, you have to code everything up yourself. Rails gives you tons of pre-built pieces, you just have to put them together how you like it.

--
Urban Artography
http://artography.ath.cx
On 5/25/05, Rob Park <rbpark-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> Better to compare PHP with Ruby, IMHO. Rails is a framework, php is a
> language. Php gives you very little, you have to code everything up
> yourself. Rails gives you tons of pre-built pieces, you just have to
> put them together how you like it.

Thank you! I've been struggling to explain to people that Rails itself will ultimately only succeed on a wide scale if Ruby itself succeeds...

--
sam
http://www.magpiebrain.com/