Interview with Mongrel Author Zed Shaw
Mongrel is a fast HTTP library and server for Ruby that is intended for hosting Ruby web applications of any kind using plain HTTP rather than FastCGI or SCGI. It is framework agnostic and already supports Ruby On Rails, Og+Nitro, and Camping frameworks.
Highlights from the interview include his explanation of Mongrel's good security characteristics.
...all Mongrel does is use a correctly coded parser based on a real grammar and a parser generator (Ragel). Other web servers use hand coded HTTP parsers that turn out to be vulnerable, difficult to compare to the real HTTP 1.1 RFC grammar, and are just a pain to manage. Using Ragel makes Mongrel robust against many of these attacks without actually having to create specific logic for detecting “attacks”.Mongrel is easy to install as a RubyGem and works with all the major platforms including Solaris and Win32. It is rapidly becoming the number one choice for deploying production Ruby on Rails applications.
Craig Motlin Sep 01, 2014