Rails is bloated and hard to learn. You’d love to use a really simple framework like Sinatra. But what if you need something from Rails that isn’t there? You can’t memorize all the hundreds of helper methods in Rails. But what are the important ones that will hurt you badly if you don’t know them?
How much useful stuff can Rails give you that's worth all the bloat?
Some good stuff, actually… But less than you think.
The big answer is “security”. I won’t go over the entire list of security stuff you should care about for Rails. But here are some highlights that you’ll need to fix if you build on a slimmer framework before you put it up online:
- Session fixation and hijacking
- Cross-Site Request Forgery
- Mass Assignment
- SQL Injection
- Cross-Site Scripting and HTML Injection
Rails ships with protections against all of these. Check the Rails security guide for more information about what this buys you.
The Rails security guide also covers a lot of problems you have to know about in any web framework.
Do you care? You really, really should.
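Here is what four of those five items look like when you have to write them yourself. This is an added example, not code from the original post or from Rails or Sinatra: plain Ruby with only the standard library, so it can be dropped into any Rack-based app. The names (SlimDefenses, SessionStore, permit, h) are assumptions for illustration. SQL injection is left out because the fix there is simply to use your database driver's bind parameters instead of string interpolation.

```ruby
require "securerandom"
require "erb"

# Added example (not from the original post): the defences listed above,
# written as plain Ruby so they can be used from a Sinatra/Rack app.
# All names in this module are assumptions for illustration.
module SlimDefenses
  # --- Session fixation: issue a fresh session id whenever privilege changes ---
  class SessionStore
    def initialize
      @data = {}
    end

    def create
      id = SecureRandom.hex(32)
      @data[id] = {}
      id
    end

    def [](id)
      @data[id]
    end

    # Call this on login: move the session data to a new id and drop the old one,
    # so an id planted before login no longer refers to the authenticated session.
    def rotate(old_id)
      data = @data.delete(old_id) || {}
      new_id = SecureRandom.hex(32)
      @data[new_id] = data
      new_id
    end
  end

  # --- CSRF: one random token per session, embedded in every form ---
  def self.csrf_token(session)
    session[:csrf_token] ||= SecureRandom.urlsafe_base64(32)
  end

  # Constant-time comparison so token bytes cannot be guessed one at a time
  # from response timing (length is compared up front, as Rack does too).
  def self.secure_compare(a, b)
    return false unless a.is_a?(String) && b.is_a?(String) && a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end

  # Reject a state-changing request unless the submitted token matches the session's.
  def self.csrf_valid?(session, submitted)
    expected = session[:csrf_token]
    !expected.nil? && secure_compare(expected, submitted.to_s)
  end

  # --- Mass assignment: copy only the keys the controller explicitly allows ---
  def self.permit(params, allowed)
    allowed = allowed.map(&:to_s)
    params.select { |k, _| allowed.include?(k.to_s) }
  end

  # --- XSS / HTML injection: escape user text before it goes into a template ---
  def self.h(text)
    ERB::Util.html_escape(text.to_s)
  end
end

if $PROGRAM_NAME == __FILE__
  store = SlimDefenses::SessionStore.new
  pre_login = store.create
  session = store[pre_login]
  form_token = SlimDefenses.csrf_token(session)
  puts "CSRF check passes: #{SlimDefenses.csrf_valid?(session, form_token)}"
  puts "Tampered token passes: #{SlimDefenses.csrf_valid?(session, form_token + 'x')}"
  # Constructed request params: "admin" is something a user should never be able to set.
  puts "Permitted: #{SlimDefenses.permit({ 'name' => 'ann', 'admin' => true }, [:name])}"
  puts "Escaped: #{SlimDefenses.h('<script>alert(1)</script>')}"
  post_login = store.rotate(pre_login)
  puts "Old session id still valid: #{!store[pre_login].nil?}"
  puts "Data carried to new id: #{!store[post_login].nil?}"
end
```

In a Sinatra app you would call `csrf_token` when rendering a form, `csrf_valid?` in a `before` filter for non-GET requests, `permit` before handing params to a model, `h` in every template, and `rotate` in the login route. Rails does each of these for you by default, which is the point of the list above.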
Rails will also do a few other things to your assets like auto-sprite-ify sets of images with CSS and serve your assets from several different asset subdomains for maximum speed.
Do you care? You probably care after you’re scaling up significantly. Rails will give you these things for free, which is nice. Or your framework of choice will allow you to build it manually and then debug it.
Rails makes it easy to do things like page, action and fragment caching backed by files, memory, memcached, or several other stores.
That’s probably the kind of thing you’re happy to ignore when you pick a slimmer framework.
Rails has a head start over everybody else in libraries. Sinatra can run Rack middleware and Node.js has an extensive library accessible through NPM, but Rails has an unparalleled selection of libraries that support it.
Basically everything Ruby supports Rails.
Some of the best stuff is Rack-based, and so it works with both Rails and Sinatra. But often even if you're using Rack middleware, there's an additional wrapper with convenience functions for Rails, so Rails has the advantage again. For instance, Warden is a nice Rack-based authentication system, but Devise is the same thing nicely packaged for Rails.
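To make the "Rack middleware works in both" point concrete, here is a small security-header middleware written against the Rack interface, which is just `call(env)` returning `[status, headers, body]`. This is an added example, not code from the original post, from Rack, or from Warden/Devise; it needs no gem at all, and the class name SecurityHeaders and the stand-in HELLO_APP are assumptions for illustration.

```ruby
# Added example (not from the original post): a Rack middleware in plain Ruby.
# It only relies on the Rack calling convention, so the same class can be
# mounted with `use` in a Sinatra app or in Rails' middleware stack.
class SecurityHeaders
  # Sensible defaults; callers can override any of them (assumed names, see lead-in).
  DEFAULTS = {
    "X-Frame-Options" => "SAMEORIGIN",
    "X-Content-Type-Options" => "nosniff",
    "Referrer-Policy" => "strict-origin-when-cross-origin"
  }.freeze

  def initialize(app, headers = {})
    @app = app
    @headers = DEFAULTS.merge(headers)
  end

  def call(env)
    status, headers, body = @app.call(env)
    # Do not clobber a header the inner app set on purpose (e.g. DENY instead of SAMEORIGIN).
    @headers.each { |name, value| headers[name] = value unless headers.key?(name) }
    [status, headers, body]
  end
end

# Stand-in for any Rack-compatible app: Sinatra, Rails, or a bare lambda.
HELLO_APP = ->(_env) { [200, { "Content-Type" => "text/plain" }, ["hello"]] }

def wrapped_app
  SecurityHeaders.new(HELLO_APP)
end

if $PROGRAM_NAME == __FILE__
  # Constructed minimal env; a real server fills in many more keys.
  status, headers, body = wrapped_app.call({ "REQUEST_METHOD" => "GET", "PATH_INFO" => "/" })
  puts "#{status} #{headers.inspect} #{body.join}"
end
```

In Sinatra this is `use SecurityHeaders` at the top of the app; in Rails it is `config.middleware.use SecurityHeaders`. The Rails-specific convenience the post talks about is exactly the second half of that: Rails already sets these headers for you, while a slimmer framework leaves the decision to you.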
Now Go Build in Whatever You Like
But remember that a web app with bad security can compromise everybody else’s security too. When you pick a smaller, simpler framework, know what you’re missing and how to fix it.