Ruby web ap FUD

[Bil Kleb]

I got the following internal email this morning; and
because I've only dabbled in Camping, Rails, and web aps
in general--I'm a floating-point number cruncher guy--I
thought I'd run it pass you before responding:

I'm working on archiving [..] data for [a] project,
and [the Principal Investigator] mentioned using Ruby
as opposed to straight perl cgi. I am a "data modeler"
and have just branched into the perl cgi arena, due
to [staffing issues]. (Basically, they don't have web
programmers that can do anything other than ColdFusion).

Anyway, I would like to meet with you to talk about Ruby
and it's pros/cons in general, and possibly in relation
to the project [mentioned above].

I have heard that Ruby on Rails is only "easy" if your
data model/schema is simple, and you only present one
table's worth of info on a form. I'll bring a copy of
the E-R diagram to discuss, if that will help in determining
in Ruby is the right language to use for this application.

I also have the forms defined in html (used these for working
with [the PI] in determining what metadata to capture). It
looks like I would have to "redo" all the html to use Ruby
methods?

I'm also interested in the "security" aspects of using Ruby.
PHP (as opposed to ColdFusion) has been identified as having
too many security issues and therefore not encouraged here,
so I'm curious about Ruby/Ruby on Rails....

Oh, and the database is implemented in Postgres.

Thanks in advance for any light you can shed.

Regards,

 

[Tim Pease]

Thanks in advance for any light you can shed.

Regards,

Completely off topic, but I just checked out your fun3d webpage and
luaghed out loud at the little "powered by rails" badge at the bottom.
Thanks for bringing a smile to a mildly depressing day

TwP

 

[Eero Saynatkari]

--CGDBiGfvSTbxKZlW
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

I got the following internal email this morning; and
because I've only dabbled in Camping, Rails, and web aps
in general--I'm a floating-point number cruncher guy--I
thought I'd run it pass you before responding:
=20
I'm working on archiving [..] data for [a] project,
and [the Principal Investigator] mentioned using Ruby
as opposed to straight perl cgi. I am a "data modeler"
and have just branched into the perl cgi arena, due
to [staffing issues]. (Basically, they don't have web
programmers that can do anything other than ColdFusion).
=20
Anyway, I would like to meet with you to talk about Ruby
and it's pros/cons in general, and possibly in relation
to the project [mentioned above].
=20
I have heard that Ruby on Rails is only "easy" if your
data model/schema is simple, and you only present one
table's worth of info on a form. I'll bring a copy of
the E-R diagram to discuss, if that will help in determining
in Ruby is the right language to use for this application.

The only problem you are likely to encounter is fitting your
existing schema to fit AR's model if going with Rails (and
not replacing AR at the backend).

Remember, though, to mention Nitro and IOWA also. Both have
ORMs that work better with legacy database schemas.

I also have the forms defined in html (used these for working
with [the PI] in determining what metadata to capture). It
looks like I would have to "redo" all the html to use Ruby
methods?
=20
I'm also interested in the "security" aspects of using Ruby.
PHP (as opposed to ColdFusion) has been identified as having
too many security issues and therefore not encouraged here,
so I'm curious about Ruby/Ruby on Rails....
=20
Oh, and the database is implemented in Postgres.

=20
Nonissue, whether though DBI, native drivers or an ORM.

Thanks in advance for any light you can shed.

You probably want to push this to the Rails list, they
are always happy to defend their implementation.

--CGDBiGfvSTbxKZlW
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (FreeBSD)

iD8DBQFFK/Z87Nh7RM4TrhIRAoe3AKClILSbMKtZdh1/mPBq/yHgtmVlugCfW1nh
HGldIW13kDj0VQl9bpF80NQ=
=MgS6
-----END PGP SIGNATURE-----

--CGDBiGfvSTbxKZlW--

 

[khaines]

On 2006.10.11 04:25, Bil Kleb wrote:

The only problem you are likely to encounter is fitting your
existing schema to fit AR's model if going with Rails (and
not replacing AR at the backend).

Remember, though, to mention Nitro and IOWA also. Both have
ORMs that work better with legacy database schemas.

IOWA is completely ORM agnostic. I use Kansas because I like the query
model, but one could just as easily use Og, or even AR (if AR were
threadsafe).

I also have the forms defined in html (used these for working
with [the PI] in determining what metadata to capture). It
looks like I would have to "redo" all the html to use Ruby
methods?

In general, the answer is somewhere between "No" to "Only very slightly".

I can only speak to security with IOWA, but mostly it boils down to
whether the application developer does things that will open a hole, and
the most likely thing there is doing something unsafe with input from
a form. And I think that's generally the situation with other Ruby
frameworks. There was a security issue with earlier versions of Rails,
but that was fixed over the summer, and details are readily found via your
favorite search engine.


Kirk Haines
Waiting for Rubyforge to come back to push IOWA 0.99.2.17 up to it.