
This seems to be quite well written. However, this is a really bad idea for anything other than learning/hobby work. Writing a web application in C is just asking for security trouble.

Writing in C introduces whole families of vulnerability that aren't a problem in most other languages. Format string vulnerabilities and buffer overflows are the two that immediately come to mind, and these will be added to the normal host of web application security considerations like SQLI, CSRF, XSS, etc.




Author here. I completely agree. I wrote this just because I could and because I was going through a phase of writing everything in C. I wouldn't recommend anyone actually try to use it.

-----


Just out of curiosity . . .

What followed the phase in which you were writing everything in C?

-----


I got my first job. There's nothing like a dose of the real world to break you out of such phases. However, I still hadn't reached maturity, I just had a complete reversal and started writing everything in Haskell instead.

It's only been recently that I have started sitting down with projects and thinking, which language makes sense here?

-----


> However, I still hadn't reached maturity, I just had a complete reversal and started writing everything in Haskell instead.

I've been through these phases too. But they keep on recurring time after time. I've been writing everything in C, then C++, then Haskell, then back to C and this has been going on for years.

Well at least both Haskell and C have good educational value, so even if it is a bit odd, you're still learning valuable skills.

-----


> I've been through these phases too. But they keep on recurring time after time.

Me too. As I get older, though (I'm well past "maturity" ;), I find myself going back to C more and more. I'm not exactly sure why.

I do think, though, that while our discussions of programming languages nearly always revolve around this or that feature making things easier, or more efficient, or more fault-tolerant, or whatever, there's also an element of "intellectual fun" (or something like that).

I won't say I never get aggravated writing C, but I often enjoy the puzzles that emerge. Trying to figure out how to do something in C, trying to visualize what's going on with the memory, creating clever little pointer-machines -- it's just as fun as doing analogous things with Lisp or Haskell (during one's obligatory Lisp and Haskell phases).

-----


Indeed... it's quite comforting that, in a world full of every JS/Python/Lua/Ruby/.NET/etc/etc framework imaginable, leaving C behind has solved web application security problems. Where is my sarcasm tag?

I've gone back to writing most things in C. Including web apps. If you're a crappy programmer, the "new hip" languages might protect you from some classes of issues, but the idea that you're "safer" is deeply, deeply misguided.

-----


Ah, the write everything in C phase. I had a lot of fun during that :D

-----



