Ruby on Rails 2.0 Arrives

The latest version of the Web development framework brings enhanced support for REST and beefed up security.


The much-anticipated second release of the Ruby on Rails Web development framework has arrived.

Rails 2.0 was released Dec. 7. Key advancements in Rails 2.0 include enhanced support for REST (Representational State Transfer) and improved security.

"My favorite part of Rails 2.0 is how harmonic the pursuit of the RESTful principles has made application development," the technology's creator, David Heinemeier Hansson, told eWEEK. "It makes it feel so much more predictable, clean and enjoyable. HTTP had it right all along, it's just taken us Web-application developers a while to understand and appreciate it."

Hansson is a developer at 37signals, a Chicago-based Web product development firm. He said it took a year to get Rails 2.0 completed.

He said he has personally worked on the Rails framework for four years and has a core group of developers who have been around working on it just about as long. Along the way there have been hundreds of contributors, he said. "This release is a triumph for large-scale open-source development," he said.

Despite the large number of new features in the latest release, Hansson said the bulk of the effort on Rails 2.0 was put into adding more support for REST. "We've got a slew of improvements to the RESTful lifestyle," he said.



Moreover, he said, "it'll probably come as no surprise that Rails has picked a side in the SOAP [Simple Object Access Protocol]-versus-REST debate. Unless you absolutely have to use SOAP for integration purposes, we strongly discourage you from doing so."

Enhancing the security of the framework was another major concern.

"Making it even easier to create secure applications out of the box is always a pleasure, and with Rails 2.0 we're doing it from a number of fronts," Hansson said in a blog post. "Most importantly, we now ship a built-in mechanism for dealing with CSRF [cross-site request forgery] attacks. By including a special token in all forms and AJAX [Asynchronous JavaScript and XML] requests, you can guard from having requests made from outside of your application. All this is turned on by default in new Rails 2.0 applications."

He said Rails 2.0 also makes it easier for developers to deal with XSS (cross-site scripting) attacks while still allowing users to embed HTML in their pages. "We've added support for HTTP-only cookies," he said. "They are not yet supported by all browsers, but you can use them where they are."
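The form-token check and the HTTP-only session cookie described above can be sketched in plain Ruby. This is an added illustration, not Rails source code or code from the article: the `FormToken` module and its method names are hypothetical, `authenticity_token` is the form field name Rails uses, and exempting GET requests from the check is an assumption of this sketch.

```ruby
require "securerandom"

# Added illustration of a per-session form token; not Rails source code.
# FormToken and its methods are hypothetical names.
module FormToken
  # Assumption: only state-changing HTTP methods are checked.
  STATE_CHANGING = %w[POST PUT DELETE].freeze

  # Create the secret once per session; it is stored server-side only.
  def self.issue(session)
    session[:csrf_token] ||= SecureRandom.hex(32)
  end

  # Hidden field the application embeds in every form it renders.
  def self.hidden_field(session)
    "<input type='hidden' name='authenticity_token' value='#{issue(session)}' />"
  end

  # Constant-time comparison so timing does not reveal how many bytes matched.
  def self.secure_compare(a, b)
    return false unless a.is_a?(String) && b.is_a?(String) && a.bytesize == b.bytesize
    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end

  # A request built on another site cannot read the session's token,
  # so a missing or mismatched token marks the request as forged.
  def self.verified?(http_method, params, session)
    return true unless STATE_CHANGING.include?(http_method.to_s.upcase)
    expected = session[:csrf_token]
    return false if expected.nil?
    secure_compare(params["authenticity_token"], expected)
  end

  # Session cookie flagged HttpOnly so page scripts cannot read it.
  def self.session_cookie(session_id)
    "_session_id=#{session_id}; path=/; HttpOnly"
  end
end

# Constructed sample requests (not real traffic).
session = {}
FormToken.hidden_field(session)
own_form = { "authenticity_token" => session[:csrf_token], "amount" => "10" }
forged   = { "amount" => "10" } # submitted from another origin, no token
puts FormToken.verified?("POST", own_form, session)
puts FormToken.verified?("POST", forged, session)
puts FormToken.session_cookie("constructed-session-id")
```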

The Action Pack in Rails 2.0 is all about getting closer with HTTP, Hansson said. "We've added a new module to work with HTTP Basic Authentication, which turns out to be a great way to do API authentication over SSL [Secure Sockets Layer]."

In addition, Rails 2.0 features a new request profiler. "Figuring out where your bottlenecks are with real usage can be tough, but we just made it a whole lot easier with the new request profiler that can follow an entire usage script and report on the aggregate findings," Hansson said.

He said the Rails team made what already was a lightweight development framework even lighter by taking some things out, including from the Active Record component. Active Record in Rails connects business objects and database tables to create a persistable domain model where logic and data are presented in one wrapping.

"To make Active Record a little leaner and meaner, we've removed the acts_as_XYZ features and put them into individual plug-ins on the Rails SVN [Subversion] repository," Hansson said. "We've also pushed all the commercial database adapters into their own gems. So Rails now only ships with adapters for MySQL, SQLite and PostgreSQL. These are the databases that we have easy and willing access to test on."

That doesn't mean the commercial databases are left out, he said. "Rather, they've now been set free to have an independent release schedule from the main Rails distribution," he said.

Also new with Rails 2.0 is making it "much easier to structure your JavaScript and stylesheet files in logical units without getting clobbered by the HTTP overhead of requesting a bazillion files," Hansson said.

