Ruby on Rails

From Wikipedia, the free encyclopedia

Not to be confused with Ruby (programming language).
Ruby on Rails

Original author(s) David Heinemeier Hansson

Initial release
18 December 2005; 10 years ago
5.0.0.1 / August 11, 2016; 3
months ago[1]
5.0.0.rc2 / June 22, 2016; 4
Preview release
months ago[2]
Repository
github.com/rails/rails
Development status Active
Written in
Ruby
Operating system Cross-platform
Type
Web application framework
License
MIT License
Website
rubyonrails.org
Stable release

Ruby on Rails, or simply Rails, is a server-side web application framework written in

Ruby under the MIT License. Rails is a modelviewcontroller (MVC) framework,
providing default structures for a database, a web service, and web pages. It encourages
and facilitates the use of web standards such as JSON or XML for data transfer, and
HTML, CSS and JavaScript for display and user interfacing. In addition to MVC, Rails
emphasizes the use of other well-known software engineering patterns and paradigms,
including convention over configuration (CoC), don't repeat yourself (DRY), and the
active record pattern.[3]

Contents

1 History

2 Technical overview

o 2.1 Framework structure

o 2.2 Deployment

3 Philosophy and design

4 Trademarks

5 Reception
o 5.1 Scalability
o 5.2 Security

6 References

7 Bibliography

8 External links

History
David Heinemeier Hansson extracted Ruby on Rails from his work on the project
management tool Basecamp at the web application company also called Basecamp.[4]
Hansson first released Rails as open source in July 2004, but did not share commit
rights to the project until February 2005.[citation needed] In August 2006, the framework
reached a milestone when Apple announced that it would ship Ruby on Rails with Mac
OS X v10.5 "Leopard",[5] which was released in October 2007.
Rails version 2.3 was released on March 15, 2009 with major new developments in
templates, engines, Rack and nested model forms. Templates enable the developer to
generate a skeleton application with custom gems and configurations. Engines give
developers the ability to reuse application pieces complete with routes, view paths and
models. The Rack web server interface and Metal allow one to write optimized pieces
of code that route around Action Controller.[6]
On December 23, 2008, Merb, another web application framework, was launched, and
Ruby on Rails announced it would work with the Merb project to bring "the best ideas
of Merb" into Rails 3, ending the "unnecessary duplication" across both communities.[7]
Merb was merged with Rails as part of the Rails 3.0 release.[8][9]
Rails 3.1 was released on August 31, 2011, featuring Reversible Database Migrations,
Asset Pipeline, Streaming, jQuery as default JavaScript library and newly introduced
CoffeeScript and Sass into the stack.[10]
Rails 3.2 was released on January 20, 2012 with a faster development mode and routing
engine (also known as Journey engine), Automatic Query Explain and Tagged Logging.

[11]

Rails 3.2.x is the last version that supports Ruby 1.8.7.[12] Rails 3.2.12 supports Ruby
2.0.[13]
Rails 4.0 was released on June 25, 2013, introducing Russian Doll Caching, Turbolinks,
Live Streaming as well as making Active Resource, Active Record Observer and other
components optional by splitting them as gems.[14]
Rails 4.1 was released on April 8, 2014, introducing Spring, Variants, Enums, Mailer
previews, and secrets.yml.[15]
Rails 4.2 was released on December 19, 2014, introducing Active Job, asynchronous
emails, Adequate Record, Web Console, and foreign keys.[16]
Version history
Version
[17]

1.0
1.2[18]
2.0[19]
2.1[20]
2.2[21]
2.3[22]
3.0[23]
3.1[24]
3.2[25]
4.0[26]
4.1[27]
4.2[16]
4.2.5
5.0

Date
December 13, 2005
January 19, 2007
December 7, 2007
June 1, 2008
November 21, 2008
March 16, 2009
August 29, 2010
August 31, 2011
January 20, 2012
June 25, 2013
April 8, 2014
December 19, 2014
November 13, 2015
June 30, 2016

Technical overview
Like many web frameworks, Ruby on Rails uses the modelviewcontroller (MVC)
pattern to organize application programming.
In a default configuration, a model in the Ruby on Rails framework maps to a table in a
database and to a Ruby file. For example, a model class User will usually be defined in
the file 'user.rb' in the app/models directory, and linked to the table 'users' in the
database. While developers are free to ignore this convention and choose differing
names for their models, files, and database table, this is not common practice and is
usually discouraged in accordance with the "convention-over-configuration"
philosophy.
A controller is a server-side component of Rails that responds to external requests from
the web server to the application, by determining which view file to render. The
controller may also have to query one or more models directly for information[clarification
needed]
and pass these on to the view.[clarification needed] A controller may provide one or more
actions. In Ruby on Rails, an action is typically a basic unit that describes how to

respond to a specific external web-browser request. Also note that the controller/action
will be accessible for external web requests only if a corresponding route is mapped to
it. Rails encourages developers to use RESTful routes, which include actions such as
create, new, edit, update, destroy, show, and index. These mappings of incoming
requests/routes to controller actions can be easily set up in the routes.rb configuration
file.
A view in the default configuration of Rails is an erb file, which is evaluated and
converted to HTML at run-time. Alternatively, many other templating systems can be
used for views.
Ruby on Rails includes tools that make common development tasks easier "out-of-thebox", such as scaffolding that can automatically construct some of the models and views
needed for a basic website.[28] Also included are WEBrick, a simple Ruby web server
that is distributed with Ruby, and Rake, a build system, distributed as a gem. Together
with Ruby on Rails, these tools provide a basic development environment.
Ruby on Rails is most commonly not connected to the Internet directly, but through
some front-end web server. Mongrel was generally preferred[by whom?] over WEBrick in
the early days,[citation needed] but it can also run on Lighttpd, Apache, Cherokee, Hiawatha,
nginx (either as a module Phusion Passenger for example or via CGI, FastCGI or
mod_ruby), and many others. From 2008 onwards, Passenger replaced Mongrel as the
most-used web server for Ruby on Rails.[29] Ruby is also supported natively on the IBM
i.[30]
Ruby on Rails is also noteworthy for its extensive use of the JavaScript libraries,
Prototype and Script.aculo.us, for scripting Ajax actions.[31] Ruby on Rails initially
utilized lightweight SOAP for web services; this was later replaced by RESTful web
services. Ruby on Rails 3.0 uses a technique called Unobtrusive JavaScript to separate
the functionality (or logic) from the structure of the web page. jQuery is fully supported
as a replacement for Prototype and is the default JavaScript library in Rails 3.1,
reflecting an industry-wide move towards jQuery. Additionally, CoffeeScript was
introduced in Rails 3.1 as the default Javascript language.
Since version 2.0, Ruby on Rails offers both HTML and XML as standard output
formats. The latter is the facility for RESTful web services.
Rails 3.1 introduced Sass as standard CSS templating.
By default, the server uses Embedded Ruby in the HTML views, with files having an
html.erb extension. Rails supports swapping-in alternative templating languages, such
as HAML and Mustache.
Ruby on Rails 3.0 has been designed to work with Ruby 1.8.7, Ruby 1.9.2, and JRuby
1.5.2+; earlier versions are not supported.[32]
Ruby on Rails 3.2 is the last series of releases that support Ruby 1.8.7.

Framework structure

Ruby on Rails is separated into various packages, namely ActiveRecord (an objectrelational mapping system for database access), Active Resource (provides web
services), Action Pack, Active Support and Action Mailer. Prior to version 2.0, Ruby on
Rails also included the Action Web Service package that is now replaced by Active
Resource. Apart from standard packages, developers can make plugins to extend
existing packages. Earlier Rails supported plugins within their own custom framework;
version 3.2 deprecates these in favor of standard Ruby "gems".[33]

Deployment
Ruby on Rails is often installed using RubyGems, a package manager[34] which is
included with current versions of Ruby. Many free Unix-like systems also support
installation of Ruby on Rails and its dependencies through their native package
management system.
Ruby on Rails is typically deployed with a database server such as MySQL or
PostgreSQL, and a web server such as Apache running the Phusion Passenger module.

Philosophy and design

Ruby on Rails is intended to emphasize Convention over Configuration (CoC), and the
Don't Repeat Yourself (DRY) principle.
"Convention over Configuration" means a developer only needs to specify
unconventional aspects of the application. For example, if there is a class Sale in the
model, the corresponding table in the database is called sales by default. It is only if one
deviates from this convention, such as calling the table "products sold", that the
developer needs to write code regarding these names. Generally, Ruby on Rails
conventions lead to less code and less repetition.[35]
"Don't repeat yourself" means that information is located in a single, unambiguous
place. For example, using the ActiveRecord module of Rails, the developer does not
need to specify database column names in class definitions. Instead, Ruby on Rails can
retrieve this information from the database based on the class name.
"Fat models, skinny controllers" means that most of the application logic should be
placed within the model while leaving the controller as light as possible.

Trademarks
In March 2007, David Heinemeier Hansson filed three Ruby on Rails-related trademark
applications to the USPTO. These applications regard the phrase "RUBY ON RAILS",
[36]
the word "RAILS",[37] and the official Rails logo.[38] As a consequence, in the summer
of 2007, Hansson denied permission to Apress to use the Ruby on Rails logo on the
cover of a new Ruby on Rails book written by some authoritative community members.
The episode gave rise to a polite protest in the Ruby on Rails community.[39][40] In
response to this criticism, Hansson replied:

I only grant promotional use [of the Rails logo] for products I'm directly involved with.
Such as books that I've been part of the development process for or conferences where I
have a say in the execution. I would most definitely seek to enforce all the trademarks
of Rails.[39]

Reception
Scalability
Rails running on Matz's Ruby Interpreter (the de facto reference interpreter for Ruby)
had been criticized for issues with scalability.[41] These critics often mentioned various
Twitter outages in 2007 and 2008, which spurred Twitter's partial transition to Scala
(which runs on the Java Virtual Machine) for their queueing system and other
middleware.[42][43] The user interface aspects of the site continued to run Ruby on Rails[44]
until 2011 when it was replaced due to concerns over performance[45]
In 2011, Gartner Research noted that despite criticisms and comparisons to Java, many
high-profile consumer web firms are using Ruby on Rails to build agile, scalable web
applications. Some of the largest sites running Ruby on Rails include Airbnb, GitHub,
Scribd, Shopify, Hulu, and Basecamp.[46] As of January 2016, it is estimated that more
than 1.2 million web sites are running Ruby on Rails.[47][48]

Security
On September 24, 2013, a session cookie persistence security flaw was reported in
Ruby on Rails. In a default configuration, the entire session hash is stored within a
session cookie known as CookieStore, allowing any authenticated session possessing
the session cookie to log in as the target user at any time in the future. As a workaround,
administrators are advised to configure cookies to be stored on the server using
mechanisms such as ActiveRecordStore.[49]
Researchers Daniel Jackson and Joseph Near developed a data debugger they called
"Space" that can analyze the data access of a Rails program and determine if the
program properly adheres to rules regarding access restrictions. On April 15, 2016, Near
reported that an analysis of 50 popular Web applications using Space uncovered 23
previously unknown security flaws.[50]