by 1propionyl
2330 days ago
The question isn't whether a framework is or is not more vulnerable than other similar systems. It is whether using that framework <dis/en>courages developer behavior that produces more or fewer vulnerabilities. Ruby in general almost certainly does encourage dangerous developer patterns; however, I doubt that's the case for Rails in particular, as it has largely been practically a DSL for nearly a decade. As a corollary of "convention over configuration" and dominant patterns in popular accessory frameworks, however, this only applies so long as you don't try to be too clever.

I'm not trying to be pedantic; I do hear this sort of claim a lot but when pressed people rarely have anything more than pearl clutching about various metaprogramming capabilities that rarely get used outside of blog posts.
In other words, just because you can redefine + doesn't mean everyone is doing that in production code. :)