I’ve been flirting with it for a while (have had the book since it came out and installed Rails all over the place, just never had time to get into it), but last night I broke down and built my first web application with Ruby on Rails and all I have to say is wow. That was way easier than it should have been. Granted, it was painfully simple, but still, it was about an hour total between setting up the domain and database on Dreamhost to getting it tweaked and looking like I wanted (oh, and working). It was another 5 minutes with the book this morning to get the export feature working like I wanted (well, they wanted).\
Next time I need to build something outside of work (or hell, maybe inside of work), it’ll most likely be in Rails.
Rails, Wow
Rails is fun for small web apps (think: intranet stuff) but scaling it is likely going to be painful.
Is anyone inside the company using Rails?
I looked at it a while ago and thought it was interesting, however I was less than impressed with the way it manages the database. As far as I can tell, it has a very mysql-centric approach (like PHP, etc) in that it doesn’t have any concept of stored procedures, or really any kind of fine-grained access control at the database.
I could be wrong, but my initial impression is that RoR assumes that the web app has full permission to insert, update, or delete any row in any table. I consider this to be a fundimentally broken approach for any kind of public-facing application. IMHO, this makes it inherently vulnerable to SQL injection attacks and violates the principles of least privilidge and defense in depth.