Forum: Ruby WEBrick DOS Security Flaw

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
Rob M. (Guest)
on 2006-12-29 17:02
(Received via mailing list)
Looks like WEBrick isn't ready for production, but then I think most
only use it with rails development, if not you may reconsider using
in any production capacity until this flaw is addressed.

http://rob.muhlestein.net/2006/12/webrick-security-flaw.html
Rob M. (Guest)
on 2006-12-29 21:31
(Received via mailing list)
On Fri, 29 Dec 2006 09:55:59 -0500, Rob M. wrote:

> Looks like WEBrick isn't ready for production, but then I think most
> only use it with rails development, if not you may reconsider using in
> any production capacity until this flaw is addressed.
>
> http://rob.muhlestein.net/2006/12/webrick-security-flaw.html

To the "anonymous comment" person who posted:

> WEBrick may not have been subject to enough scrutiny because no one ever
> suggests using it in production.

First, you are right, that did sound like FUD toward Ruby and you are
right to point out that WEBrick is generally not recommended for
production. I've changed the blog post hopefully to not appear as FUD
toward Ruby itself, but it definitely is FUD for unsuspecting newbies
who
might try to use WEBrick as a production web server (a big mistake imho
with the current state of WEBrick, but hopefully we can fix that).

BTW, I wouldn't be bothering with these posts and fix discussions if I
didn't want to see Ruby, Rails, and even WEBrick succeed.
This topic is locked and can not be replied to.