
BCHS: The BSD, C, httpd, SQLite stack for the web - pcr910303
https://learnbchs.org/
======
myu701
I really like the idea of learning this. Using a unixy system, sqlite, and
plain old CGI sounds like such a good idea to cut through the mountains on
mountains of abstractions we've got today for React-based SPAs.

But C is insecure. For all intents and purposes for me, a hobbyist, it is
impossibly so. Security experts and C professionals the world over work hard
to make things secure, yet there are (virtually) always vulnerabilities
discovered (or worse, not), and in the briny seas of the internet, I don't
want any code I wrote to compromise my or anyone else's computer systems.

Can I write insecure code in other languages? Yes. Are other languages going
to provide more guard rails against failure than C? Yes.

Bottom line: yes C is the one ring, I will probably end up using it plenty in
other non-internet-facing capacities. But I don't want to use it for internet-
facing things, too many ways for me to foot gun myself.

If this stack existed with a memory-managed language, even if it is otherwise
unchanged, I would look into it seriously. As it stands, I don't feel
qualified to try to write anything with the beaches stack since I can't
reasonably determine with a hobbyist's skillset whether the application is
99.xx% secure from a vulnerability skillset for any non-trivial use.

