Rails is bloated and hard to learn. You’d love to use a really simple framework like Sinatra. But what if you need something from Rails that isn’t there? You can’t memorize all the hundreds of helper methods in Rails. But which of them will hurt you badly if you build without them?

Why not build from something simpler and smaller? Node.js or Sinatra, say?

How much useful can Rails give you that’s worth all the bloat?

Some good stuff, actually… But less than you think.


The big answer is “security”. I won’t go over the entire list of security problems you should care about in Rails. But here are some highlights that you’ll need to fix yourself if you build on a slimmer framework, and fix before you put it online:

Rails has built-in fixes for all of these (linked in the list). Check the Rails security guide for more information about what this buys you.

The Rails security guide also covers a lot of problems you have to know in any web framework.

Do you care? You really, really should.
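As an added example (not code from the original post or from Rails itself), here is what three of the best-known protections from the Rails security guide look like when you have to build them yourself on a slimmer stack: a signed session cookie the client cannot tamper with, a per-session CSRF token that every form must echo back, and HTML escaping of user input. Rails gives you all three out of the box (the signed cookie store, protect_from_forgery, and ERB escaping by default). This version uses only the Ruby standard library; the secret key, the `handle_post` "controller" and the field names are assumptions for illustration.

```ruby
require "openssl"
require "base64"
require "json"
require "securerandom"
require "cgi"

# Hypothetical secret for this example only. Rails derives its signing key from
# config.secret_key_base; never hard-code a real one.
SECRET_KEY_BASE = "example-only-secret-do-not-use-in-production"

# Constant-time comparison, so an attacker cannot recover a signature or token
# byte by byte from response timing (ActiveSupport::SecurityUtils does this in Rails).
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Rails-style signed cookie: base64url(JSON payload) + "--" + HMAC-SHA256 over it.
# The client can read the session but cannot change it without the key.
def sign_session(session, key = SECRET_KEY_BASE)
  payload = Base64.urlsafe_encode64(JSON.generate(session), padding: false)
  "#{payload}--#{OpenSSL::HMAC.hexdigest('SHA256', key, payload)}"
end

# Returns the session hash, or nil if the cookie is malformed, forged or signed
# with a different key. Callers treat nil as "no session", never as an error page.
def load_session(cookie, key = SECRET_KEY_BASE)
  payload, sig = cookie.to_s.split("--", 2)
  return nil if payload.nil? || sig.nil?
  return nil unless secure_compare(sig, OpenSSL::HMAC.hexdigest("SHA256", key, payload))
  JSON.parse(Base64.urlsafe_decode64(payload))
rescue ArgumentError, JSON::ParserError
  nil
end

# CSRF: one random token per session, embedded in every form as a hidden field.
def csrf_token(session)
  session["_csrf_token"] ||= SecureRandom.urlsafe_base64(32)
end

def valid_csrf?(session, submitted)
  stored = session["_csrf_token"]
  !stored.nil? && !submitted.nil? && secure_compare(stored, submitted)
end

# Output escaping, which Rails's ERB applies to every interpolated string by default.
def h(text)
  CGI.escapeHTML(text.to_s)
end

# A minimal hypothetical "controller" for a state-changing POST: reject any
# request whose session does not verify or whose token does not round-trip,
# and never echo user input unescaped.
def handle_post(cookie, params)
  session = load_session(cookie)
  return [403, "bad session"] if session.nil?
  return [403, "CSRF token mismatch"] unless valid_csrf?(session, params["authenticity_token"])
  [200, "<p>Hello, #{h(params['name'])}</p>"]
end

if __FILE__ == $0
  session = { "user_id" => 42 }
  token = csrf_token(session)          # rendered into the form on the GET
  cookie = sign_session(session)       # Set-Cookie on the same response
  puts handle_post(cookie, { "authenticity_token" => token, "name" => "<b>Bob</b>" }).inspect
  puts handle_post(cookie, { "name" => "<b>Bob</b>" }).inspect
end
```

The important design point is that every failure path returns nil or a 403 rather than raising into a stack trace, and every comparison of secret material goes through secure_compare; those are the two things people most often get wrong when they hand-roll this.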


Rails will happily precompile your CoffeeScript, use Sprockets to compress your JavaScript, add jQuery to your app and generally get things ready for you.

But perhaps more importantly, it will fingerprint your assets (images, CSS, JavaScript, etc.) by adding a digest of each file’s contents to its name, so a file gets a slightly different address every time it changes. This means you can tell browsers and CDNs to cache assets for a very long time and still never serve a stale file after a deploy, which skips a whole class of cache bugs.

Rails will also do a few other things to your assets, like spriting sets of images with CSS (with the right gems) and serving your assets from several different asset subdomains so the browser can open more connections in parallel.

Do you care? You probably care once you’re scaling up significantly. Rails will give you these things for free, which is nice. Or your framework of choice will let you build them manually and then debug them.
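Here is the fingerprinting part as an added example, not code from the original post or from Sprockets: digest-stamp each file name from its contents, build the logical-name-to-digest-name manifest that templates look up, and spread the results across asset hosts the way Rails’s "assets%d.example.com" setting does. It uses only the Ruby standard library; SAMPLE_ASSETS is a constructed stand-in for files on disk, and the function names are assumptions.

```ruby
require "digest"
require "zlib"

# Constructed stand-in for a few asset files: logical path => contents.
SAMPLE_ASSETS = {
  "application.css" => "body { margin: 0 }",
  "application.js"  => "console.log('hi');",
  "logo.png"        => "\x89PNG\r\n\x1a\nfake-bytes".b,
}.freeze

# Stamp a file name with the SHA-256 of its contents (Sprockets used MD5 in
# Rails 3.x and SHA-256 from Rails 4). Because the name is a pure function of
# the bytes, a changed file gets a new URL and an unchanged file keeps its old,
# already-cached one.
def fingerprint_name(logical_path, contents)
  ext = File.extname(logical_path)
  base = logical_path[0, logical_path.length - ext.length]
  "#{base}-#{Digest::SHA256.hexdigest(contents)}#{ext}"
end

# The manifest maps the names used in templates to the digest names on disk.
def build_manifest(assets)
  assets.each_with_object({}) do |(path, body), manifest|
    manifest[path] = fingerprint_name(path, body)
  end
end

# Like Rails's asset_path helper with optional asset hosts. Rails picks the host
# for "assets%d.example.com" from crc32(source) mod 4; this does the same mod
# hosts.size, so a given asset always comes from the same host and stays cacheable.
def asset_path(manifest, logical_path, asset_hosts: [])
  digested = manifest.fetch(logical_path) { raise ArgumentError, "unknown asset #{logical_path}" }
  return "/assets/#{digested}" if asset_hosts.empty?
  host = asset_hosts[Zlib.crc32(digested) % asset_hosts.size]
  "//#{host}/assets/#{digested}"
end

# Headers you can safely send for a digest-named file: a year-long max-age is
# fine because the URL itself changes whenever the contents do.
def cache_headers_for(digested_name)
  raise ArgumentError, "not a digest name: #{digested_name}" unless digested_name =~ /-[0-9a-f]{64}\./
  { "Cache-Control" => "public, max-age=31536000" }
end

if __FILE__ == $0
  manifest = build_manifest(SAMPLE_ASSETS)
  manifest.each { |logical, digested| puts "#{logical} => #{asset_path(manifest, logical)}" }
end
```

The guard in cache_headers_for is the practical point: send the long max-age only for digest-named files, never for the undigested names, or a deploy will leave users on the old CSS for a year.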


Rails makes it easy to do things like page, action and fragment caching backed by files, memory, Memcached or several other stores.

It also has good support for conditional GET, meaning ETags and If-Modified-Since, via helpers like fresh_when and stale?.

That’s probably the kind of thing you’re happy to ignore when you pick a slimmer framework.
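To show what fresh_when and stale? are doing for you, here is an added example (not code from the original post or from Rails) of the conditional GET exchange in plain Ruby: the server derives an ETag and Last-Modified from a record, and answers 304 with no body when the validators the client sent still match. The freshness rule mirrors the one behind Rails’s fresh_when, where every validator the client sends has to match; Record and the function names are assumptions for illustration.

```ruby
require "digest"
require "time"

# Constructed stand-in for an ActiveRecord row. Rails derives the ETag from the
# record's cache_key, which includes the model name, id and updated_at.
Record = Struct.new(:id, :body, :updated_at)

def etag_for(record)
  key = "records/#{record.id}-#{record.updated_at.to_i}"
  %("#{Digest::MD5.hexdigest(key)}")   # strong ETag, quoted as RFC 7232 requires
end

# Fresh only if every validator the client sent matches. If-Modified-Since has
# one-second resolution, so compare whole seconds; a malformed date counts as stale.
def fresh?(req_headers, record)
  inm = req_headers["If-None-Match"]
  ims = req_headers["If-Modified-Since"]
  return false unless inm || ims
  ok = true
  ok &&= inm.split(",").map(&:strip).include?(etag_for(record)) if inm
  if ims
    since = (Time.httpdate(ims) rescue nil)
    ok &&= !since.nil? && record.updated_at.to_i <= since.to_i
  end
  ok
end

# A Rack-style [status, headers, body] triple. A 304 repeats the validators but
# carries no body, so the client keeps using its cached copy.
def respond(req_headers, record)
  headers = { "ETag" => etag_for(record), "Last-Modified" => record.updated_at.httpdate }
  return [304, headers, []] if fresh?(req_headers, record)
  [200, headers.merge("Content-Type" => "text/plain"), [record.body]]
end

if __FILE__ == $0
  rec = Record.new(7, "hello", Time.utc(2012, 5, 1, 12, 0, 0))
  status, headers, = respond({}, rec)                       # first request: 200
  puts "#{status} #{headers['ETag']} #{headers['Last-Modified']}"
  puts respond({ "If-None-Match" => headers["ETag"] }, rec)[0]   # revalidation: 304
end
```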


Rails has a head start over everybody else in libraries. Sinatra can run Rack middleware and Node.js has an extensive library accessible through NPM, but Rails has an unparalleled selection of libraries that support it.

Basically everything Ruby supports Rails.

Some of the best stuff is Rack middleware, which works with Rails and Sinatra alike. But often, even where you could use the Rack middleware directly, there’s an additional wrapper with convenience functions for Rails, so Rails has the advantage again. For instance, Warden is a nice Rack-based authentication system, and Devise is the same thing nicely packaged for Rails.

Now Go Build in Whatever You Like

I’m not worried whether you use Rails, Sinatra, Node.js, Padrino, Rulers or something else completely.

But remember that a web app with bad security can compromise everybody else’s security too, not just yours. When you pick a smaller, simpler framework, know what you’re missing and how to fix it.

Play safe!