Ruby on Rails (RoR) is our technology of choice here, at Bit Zesty. We believe it is one of the best development frameworks for building web applications. And we are not alone, Airbnb, Zendesk and GOV.UK share our views.
The best things about RoR are that it has a large and passionate open-source community of developers that are constantly making it better. This means that there is a major Ruby on Rails upgrade every year and smaller updates that happen much more frequently.
The new release of Rails 5.2 introduces some great features such as improved file storage (Active Storage), better Redis caching, built-in security policies and simplified secrets encryption (Credentials).
The new Active Storage was extracted from Basecamp’s file uploading and is a full replacement for traditional Rails file storage gems (such as ‘carrierwave’, ‘dragonfly’, ‘paperclip’, or ‘shrine’). This change means that it is now possible to implement file uploading straight out of the box without needing to install additional gems. It supports Amazon’s S3, Google’s Cloud Storage, and Microsoft Azure Cloud File Storage and has features such as direct upload to the cloud and mirroring between cloud providers. This will make file upload simpler to implement in RoR applications.
The new built-in Redis cache store supports distributed Redis which makes it easier to use Redis for high availability services.
Version 5.2 has Content Security Policies (CSP) built into Rails. As many our client applications are sensitive, security is critical – we have been using the ‘secureheaders’ gem to set CSP headers to mitigate cross-site scripting attacks. Now we will be able to configure these settings directly into the application. We are especially pleased to see this addition as it is a significant step in making all RoR applications more secure by default.
Credentials are the new encrypted secrets store in version 5.2, and while a nice addition, for us there remains a substantial drawback as it only has one encryption key for all environments (e.g. you cannot have different keys for production and staging). Therefore, we will continue to keep our secrets (e.g. API keys) separate using environment variables (a development technique).
Overall, Rails 5.2 improvements are a welcome addition to the framework. So with these changes in sight, now may be a good time to upgrade.
While upgrading may seem less of a priority compared to building new features, there is a strong business case for keeping your RoR application up to date. You can get the full details in our free white paper – ‘7 Reasons to upgrade to the latest version of Ruby on Rails’.
If you need help with your RoR application, feel free to contact me, Matthew, on +44 207 125 0160 or drop me a line on [email protected] for a free consultation.
We are a leading RoR full-service agency with a team of highly experienced RoR developers. We provide Ruby on Rails maintenance and support services to clients such as HMRC, GOV.UK as well as many start-ups from our offices in London.
