undefined | Better HN

0 points1propionyl6y ago0 comments

The question isn't whether a framework is or is not more vulnerable than other similar systems.

It is whether using that framework <dis/en>courages developer behavior that produces more or less vulnerabilities.

Ruby in general almost certainly does encourage dangerous developer patterns, however I doubt that's the case for Rails in particular as it has largely been practically a DSL for nearly a decade.

As a corollary of "convention over configuration" and dominant patterns in popular accessory frameworks however, this only applies so long as you don't try to be too clever.

0 comments

peteforde6y ago

I would genuinely appreciate cited references to back up your assertion that Rails almost certainly does encourage dangerous developer patterns.

I'm not trying to be pedantic; I do hear this sort of claim a lot but when pressed people rarely have anything more than pearl clutching about various metaprogramming capabilities that rarely get used outside of blog posts.

In other words, just because you can redefine + doesn't mean everyone is doing that in production code. :)

j / k navigate · click thread line to collapse