An enlightening interview with well-known Rails programmer Zed Shaw was published this week on the O'Reilly Ruby blog. Zed talks about Ruby on Rails and his work on an up-and-coming new HTTP server named Mongrel that is winning accolades all over the community.
Mongrel is a fast HTTP library and server for Ruby that is intended for hosting Ruby web applications of any kind using plain HTTP rather than FastCGI or SCGI. It is framework agnostic and already supports Ruby On Rails, Og+Nitro, and Camping frameworks.
Highlights from the interview include his explanation of Mongrel's good security characteristics.
Mongrel is a fast HTTP library and server for Ruby that is intended for hosting Ruby web applications of any kind using plain HTTP rather than FastCGI or SCGI. It is framework agnostic and already supports Ruby On Rails, Og+Nitro, and Camping frameworks.
Highlights from the interview include his explanation of Mongrel's good security characteristics.
...all Mongrel does is use a correctly coded parser based on a real grammar and a parser generator (Ragel). Other web servers use hand coded HTTP parsers that turn out to be vulnerable, difficult to compare to the real HTTP 1.1 RFC grammar, and are just a pain to manage. Using Ragel makes Mongrel robust against many of these attacks without actually having to create specific logic for detecting “attacks”.Mongrel is easy to install as a RubyGem and works with all the major platforms including Solaris and Win32. It is rapidly becoming the number one choice for deploying production Ruby on Rails applications.