Rails 3 to add security enhancement
Although developers of the Ruby on Rails Web framework will miss this week's target date for offering a preview release of Rails 3, the framework's founder will be touting planned capabilities, such as a major security enhancement, during a conference on Tuesday.
Rails 3, which is to feature a merger of Rails with the Merb framework, will be fitted with protection against cross-site scripting attacks, said Rails creator David Heinemeier Hansson, in an interview on Monday afternoon. He will be presenting at the RailsConf 2009 event in Las Vegas. Cross-site scripting enables intruders to gain unauthorized access to an application by injecting pieces of JavaScript, but version 3 will protect against this.
[ Related: Ruby on Rails on track for major upgrades. ]
Default settings in Rails 3 will only permit allowable JavaScript to execute, Hansson said. "You do not want a user to be able to execute JavaScript on your page," without proper authorization to do so, he explained.
"We'll have a function that allows you to insert this code if [you] actually do mean that this code should be executed," Hansson explained.
But a preview release of Rails 3, which several months ago had been eyed for availability at the conference, will not arrive. Hansson stressed that target date was more along the lines of wishful thinking.
"Our release dates aren't as much planning as, 'That would be nice.' What matters more is [that] what we're releasing is worthwhile and it's done," said Hansson.
Still, preview code releases for Rails 3 have been ongoing, he said. "It's just not being bundled up in an official release," said Hansson. Rails 3 code has been developed in a publicly available repository, he said. A general release for Rails 3 is hoped for later this year.
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
rails
Powered by Twitter
Esther Schindler
If the comments are ugly, the code is ugly
claird
SVG a graphics format for 21st century
pasmith
Take Chrome OS for a test spin
Sandra Henry-Stocker
Solaris Tip: Have Your Files Changed Since Installation?
jfruh
Android fragments vs. the iPhone monolith
mikelgan
What Gizmodo missed about the Pro WX Wireless USB disk drive
Where Google Chrome security fails: the password
I heard mention that the Chrome OS will have some sort of encryption available a la bitlocker. If it's possible to encrypt personal data using another password or key, then it may have potential for very secure data.... And Ubuntu has an 'encrypt home directory' option, perhaps google should follow suit.
- Dann
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
