Ruby’s Big Flaw – Security Vulnerability
Now that everyone’s freaking out about the vulnerability in Ruby, I had to investigate what the deal was. Here are the list of links:
- Zed Shaw’s Rant – don’t just dismiss it. I found it to be the most informative and interesting since others really didn’t provide the “satisfying” details.
- Jeremy Kemper’s Official Rails Blog Entry – check out the comments.
- Eric Monti’s Code Sample – actual demonstration of the vulnerability.
- Peter Cooper’s Comprehensive Blog Post – this has it all.
Personally, I’m not too concerned as I’ve been doing “Paranoid Programming” for long long time, and I won’t lose sleep over this (read Zed’s rant before jumping all over me). HOWEVER, it doesn’t mean I’m going to sit here and do nothing. I’m upgrading to the latest patch to avoid any unseen mishaps.
I just wonder what this will do to the future of Ruby. This seems to be a major setback for those promoting Ruby in the Enterprise, since it’s the perception that matters, not the facts. Although I love Ruby as the language, I was always put off by those promoting Ruby as the “perfect” solution to everything. Let’s face it, there’s no such thing as perfectly secure language/platform/OS.
