The basic stuff is explained here.

http://www.rubycentral.com/book/taint.html

I find it very pragmatic and useful...


> --- Original Message ---
> From: Kevin Bedell <kevin / kbedell.com>
> To: ruby-talk / ruby-lang.org (ruby-talk ML)
> Subject: Ruby Security?
> Date: Thu, 10 Nov 2005 00:41:32 +0900
> 
> Hey all -
> 
> I'm just coming over from Java and am wondering about Ruby security
> compared to Java.
> 
> I know that Java is pretty isolated from the operating system. All your
> apps run in a JVM and are governed by security policies that can be very
> fine grained and disallow you from accessing disks or even loading classes
> if desired.
> 
> One of the big issues, for example, with M$'s web technology is that it's
> so tightly integrated with the OS that when it's compromised, the
> compromising code can do a lot of damage. Java makes it harder for
> attackers to access the underlying OS.
> 
> What about Ruby? From my initial work with the OS, I don't see anything
> that's as aggressive as Java's isolation from the OS. Since Ruby isn't as
> widely used (and hasn't been hacked at as hard), how can I be sure that
> buffer overruns won't show up throughout the code that will make Ruby
> inappropriate for use as a production platform?
> 
> Also, if a serious security problem is found, how is it responded to and
> how are patches distributed?
> 
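Added example, not code from the post above or from the linked page: the taint-mode idea the reply points at, modelled in plain Ruby so it can be run today. Ruby's built-in Object#taint and $SAFE were deprecated in 2.7 and removed in 3.2, so the built-in mechanism is not called here. The names taint_input!, untaint_input!, input_tainted?, validate_arithmetic and eval_arithmetic, and the sample inputs, are this example's own.

```ruby
# Added example: a small re-implementation of the idea behind Ruby's taint
# mode (marked untrusted data, propagation, sinks that refuse it), written
# in plain Ruby because Object#taint and $SAFE were removed in Ruby 3.2.
# Every name here is this example's own, not Ruby's API.

module TaintTracking
  # Mark a string as having come from outside the process (argv, a socket,
  # a form field).
  def taint_input!
    @tainted_input = true
    self
  end

  # Clear the mark. Only the validator below is supposed to call this.
  def untaint_input!
    @tainted_input = false
    self
  end

  def input_tainted?
    @tainted_input == true
  end

  # Propagation: a string built from a tainted string is itself tainted, as
  # Ruby's original taint mode did for its string operations.
  def +(other)
    result = super
    if input_tainted? || (other.respond_to?(:input_tainted?) && other.input_tainted?)
      result.taint_input!
    end
    result
  end
end
String.prepend(TaintTracking)

# Sink: the operation we refuse to feed untrusted data into. Ruby at
# $SAFE >= 1 raised SecurityError when eval received a tainted string;
# this performs that check explicitly.
def eval_arithmetic(expr)
  raise SecurityError, "refusing to eval tainted input: #{expr.inspect}" if expr.input_tainted?
  eval(expr) # only reachable with untainted input
end

# Validator: the one place allowed to clear the mark. Accepts digits,
# whitespace, parentheses and the four arithmetic operators, nothing else.
ARITHMETIC = /\A[\d\s+\-*\/()]+\z/

def validate_arithmetic(expr)
  return nil unless expr.match?(ARITHMETIC)
  expr.dup.untaint_input! # clean copy; the original stays tainted
end

# End-to-end: untrusted text -> validated copy -> sink.
def calculator(untrusted_text)
  clean = validate_arithmetic(untrusted_text)
  return :rejected_by_validator if clean.nil?
  eval_arithmetic(clean)
end

# A caller that forgot to validate: the sink still refuses, so the mistake
# fails closed instead of executing attacker-controlled code.
def careless_calculator(untrusted_text)
  eval_arithmetic(untrusted_text)
rescue SecurityError
  :blocked_at_sink
end

if $PROGRAM_NAME == __FILE__
  # Constructed inputs standing in for ARGV[0]; String.new rather than a bare
  # literal because argv strings are not literals either.
  good = String.new("(2 + 3) * 4").taint_input!
  evil = String.new("(2 + 3) * 4; system('id')").taint_input!
  p calculator(good)                  # 20
  p calculator(evil)                  # :rejected_by_validator
  p careless_calculator(evil)         # :blocked_at_sink
  p ("expr: " + good).input_tainted?  # true: taint propagates through +
end
```

The split shown here is the one the linked page describes for $SAFE: untrusted data carries a mark, the mark survives string building, only a validator may remove it, and the dangerous operation checks the mark itself rather than trusting every caller to have validated.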