
You're getting downvoted because security issues are far from unique to Ruby on Rails. Are you aware of any web frameworks with a pristine security history?



Node.js is not bad.


Express.js has 5 vulnerabilities in 6 years.

Yeah, I think I'm going to take my chances with Express.js rather than Ruby on Rails with its 57 vulnerabilities in 6 years.


Express is a micro framework, Rails is not. Rails covers more ground. You would want to compare security of Express to Sinatra or Grape.

The problem with thinking this way is that you don't know what security issues that nobody knows about yet are lurking in there. I remember the time before the recent spate of Rails vulnerabilities in the last 5 years or so, and I thought similarly about its security as you seem to about the Node.js ecosystem. It's definitely possible that your confidence won't ever be punctured by a similar run of security issues, but my personal view is that it tends to be hubris to think your favorite technology is just better at security, for vague reasons.
