Rails 3 to add security enhancement
Although developers of the Ruby on Rails Web framework will miss this week's target date for offering a preview release of Rails 3, the framework's founder will be touting planned capabilities, such as a major security enhancement, during a conference on Tuesday.
Rails 3, which is to feature a merger of Rails with the Merb framework, will be fitted with protection against cross-site scripting attacks, said Rails creator David Heinemeier Hansson, in an interview on Monday afternoon. He will be presenting at the RailsConf 2009 event in Las Vegas. Cross-site scripting enables intruders to gain unauthorized access to an application by injecting pieces of JavaScript, but version 3 will protect against this.
Default settings in Rails 3 will only permit allowable JavaScript to execute, Hansson said. "You do not want a user to be able to execute JavaScript on your page," without proper authorization to do so, he explained.
"We'll have a function that allows you to insert this code if [you] actually do mean that this code should be executed," Hansson explained.
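The default Hansson describes (escape everything, with an explicit function for markup you do mean to emit) can be sketched in plain Ruby. This is an added illustration, not Rails 3 code: `TrustedMarkup`, `OutputBuffer`, `trusted` and `render_comment` are hypothetical names, and the sample comment body is constructed.

```ruby
require "erb"

# Hypothetical sketch of escape-by-default output; not Rails' implementation.
# A string the developer has explicitly marked as intended markup.
class TrustedMarkup < String
  # Joining trusted and untrusted text must not launder the untrusted part,
  # so the right-hand side is escaped unless it is itself trusted.
  # Only + is covered here; a full version must cover every concatenating method.
  def +(other)
    TrustedMarkup.new(super(OutputBuffer.escape(other)))
  end
end

# Output buffer that HTML-escapes whatever is appended unless it was marked trusted.
class OutputBuffer
  def self.escape(value)
    return value if value.is_a?(TrustedMarkup)
    ERB::Util.html_escape(value.to_s)
  end

  def initialize
    @out = +""
  end

  def <<(value)
    @out << self.class.escape(value)
    self
  end

  def to_s
    @out.dup
  end
end

# The explicit opt-in: call this only on markup written by the developer.
def trusted(markup)
  TrustedMarkup.new(markup)
end

# Template-like helper: literal markup is trusted, user-supplied fields are not.
def render_comment(author, body)
  buf = OutputBuffer.new
  buf << trusted('<p class="comment"><b>') << author << trusted("</b>: ")
  buf << body << trusted("</p>")
  buf.to_s
end

# Constructed sample input: a comment body carrying a script tag.
SAMPLE_BODY = "<script>alert(1)</script>"
puts render_comment("mallory", SAMPLE_BODY) if $PROGRAM_NAME == __FILE__
```

The point of the design is that forgetting to call anything yields escaped text, so the unsafe path is the one that requires a deliberate, greppable call.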
But a preview release of Rails 3, which several months ago had been eyed for availability at the conference, will not arrive. Hansson stressed that the target date was more along the lines of wishful thinking.
"Our release dates aren't as much planning as, 'That would be nice.' What matters more is [that] what we're releasing is worthwhile and it's done," said Hansson.
Still, preview code releases for Rails 3 have been ongoing, he said. "It's just not being bundled up in an official release," said Hansson. Rails 3 code has been developed in a publicly available repository, he said. A general release for Rails 3 is hoped for later this year.












