Is anyone inside the company using Rails?
I looked at it a while ago and thought it was interesting; however, I was less than impressed with the way it manages the database. As far as I can tell, it has a very MySQL-centric approach (like PHP, etc.) in that it doesn’t have any concept of stored procedures, or really any kind of fine-grained access control at the database.
I could be wrong, but my initial impression is that RoR assumes that the web app has full permission to insert, update, or delete any row in any table. I consider this to be a fundamentally broken approach for any kind of public-facing application. IMHO, this makes it inherently vulnerable to SQL injection attacks and violates the principles of least privilege and defense in depth.