Hi! * James Britt; 2003-12-14, 20:53 UTC: > Aside from general site security (don't run apache as root, etc.) > is Ruby any more or less secure than, say, Perl or PHP? Security issues with server-side applications in almost any case result from bugs in the applications and the web server. The most important risk is the application no matter if it is written in Perl, PHP or Ruby. The majority of attacks results from weak security of these programs. The next important point is the Apache web server. Not that it is buggy but it is the most widely used web server software so it permanently is under heavy fire. Even Achilles would get injured in that situation - one bullet or the other would find its way to Achilles' heel. Unless you have done your best to minimize the above problems - the former can be minimized by using $SAFE, the latter by applying security patches ASAP it makes no sense to look into the security of Ruby itself. It's always the weakest link of a chain that needs most attention. Just my 2 Euro Cent. Josef 'Jupp' SCHUGT -- http://oss.erdfunkstelle.de/ruby/ - German comp.lang.ruby-FAQ http://rubyforge.org/users/jupp/ - Ruby projects at Rubyforge ._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._. Windows are best when they are "unseen" -- Chet Noll 27 Oct 2000