Hi!

* James Britt; 2003-12-14, 20:53 UTC:
> Aside from general site security (don't run apache as root, etc.)
> is Ruby any more or less secure than, say, Perl or PHP?

Security issues with server-side applications in almost any case
result from bugs in the applications and the web server.

The most important risk is the application no matter if it is written
in Perl, PHP or Ruby. The majority of attacks results from weak
security of these programs.

The next important point is the Apache web server. Not that it is
buggy but it is the most widely used web server software so it
permanently is under heavy fire. Even Achilles would get injured in
that situation - one bullet or the other would find its way to
Achilles' heel.

Unless you have done your best to minimize the above problems - the
former can be minimized by using $SAFE, the latter by applying
security patches ASAP it makes no sense to look into the security of
Ruby itself.

It's always the weakest link of a chain that needs most attention.

Just my 2 Euro Cent.

Josef 'Jupp' SCHUGT
-- 
http://oss.erdfunkstelle.de/ruby/    -     German comp.lang.ruby-FAQ
http://rubyforge.org/users/jupp/     -     Ruby projects at Rubyforge
._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._.
Windows are best when they are "unseen"   --   Chet Noll 27 Oct 2000