This seems to be quite well written. However, this is a really bad idea for anything other than learning/hobby work. Writing a web application in C is just asking for security trouble.
Writing in C introduces whole families of vulnerability that aren't a problem in most other languages. Format string vulnerabilities and buffer overflows are the two that immediately come to mind, and these will be added to the normal host of web application security considerations like SQLI, CSRF, XSS, etc.
Author here. I completely agree. I wrote this just because I could and because I was going through a phase of writing everything in C. I wouldn't recommend anyone actually try to use it.
I got my first job. There's nothing like a dose of the real world to break you out of such phases. However, I still hadn't reached maturity, I just had a complete reversal and started writing everything in Haskell instead.
It's only been recently that I have started sitting down with projects and thinking, which language makes sense here?
> However, I still hadn't reached maturity, I just had a complete reversal and started writing everything in Haskell instead.
I've been through these phases too. But they keep on recurring time after time. I've been writing everything in C, then C++, then Haskell, then back to C and this has been going on for years.
Well at least both Haskell and C have good educational value, so even if it is a bit odd, you're still learning valuable skills.
I've been through these phases too. But they keep on recurring time after time.
Me too. As I get older, though (I'm well past "maturity" ;), I find myself going back to C more and more. I'm not exactly sure why.
I do think, though, that while our discussions of programming languages nearly always revolve around this or that feature making things easier, or more efficient, or more fault-tolerant, or whatever, there's also an element of "intellectual fun" (or something like that).
I won't say I never get aggravated writing C, but I often enjoy the puzzles that emerge. Trying to figure out how to do something in C, trying to visualize what's going on with the memory, creating clever little pointer-machines -- it's just as fun as doing analogous things with Lisp or Haskell (during one's obligatory Lisp and Haskell phases).
Indeed...it's quite comforting in a world full of every JS/Python/Lua/Ruby/.NET/etc/etc framework imaginable, leaving C behind has solved web application security problems. Where is my sarcasm tag.
I've gone back to writing most things in C. Including web apps. If you're a crappy programmer, the "new hip" languages might protect you from some classes of issues, but the idea that you're "safer" is deeply, deeply misguided.
Seems like a good option for hardware devices like routers, firewall appliances, ... This won't be the next agile, ninja hacker, 1337 web development platform. But it could have it's own niche of the market.
I remember words like "hacker" and "1337" being used to refer to people who did reverse engineering, participated in the demoscene or just defaced websites for fun. My, how the tables have turned.
I'd love if it was in my routers, the currently consumer-level routers are so bad I have to purchase based on whether I can replace the firmware with OpenWRT.
This is a cool project, but if you're looking for something that is safer and yet runs at similar speeds and requires similarly low memory levels, I suggest vibe.d -- D's primary web framework[0]. It's progressing very quickly.
Obligatary on-topic comment: seems like a lot of code for a not a lot of result; I would like to see templates (with optional template parms) used to provide the 'usual' values.
(yes I know templates aren't C, but you can use them minimalistically since they're orthogonal to the rest of C++.)
Digression comment: Has anyone used GWAN? It looks awesome, but the website hints at some eccentricity.
http://gwan.com/
ahahah "eccentricity" best adjective craftsmanship ever...
looks like a cool idea but i feel like hardware-optimization stuff will be wrapped into server OS eventually if its meant to be (I'm sure it already is in some ways). If you want to be cutting edge tho give it a shot?
eheh so impressed with "eccentric" tho. it's funny i love Clojure & i feel like its a bunch of "eccentric" vibing trying to tame itself into something that looks like trendy web sites (Rails community kinda pages, though in Rails it seems there is a flashy site for practically every popular gem whereas in Clojure the biggest thought they're willing to formulate is some real minimal framework)
> From the site (which seems to disallow copy-paste):
>> The next time someone feels the need to publicly call G-WAN's (1-page) license "weird" or "insane", look at what they sell and who they get their revenues from. Unlike for G-WAN, what they offer is not free for all.
> They have redefined the word 'free' into a fine mist if they expect you to believe Apache and nginx are not free. They're doing something I've seen done before; oddly, it was mainly being done by Usenet trolls.
"Transformation of data" makes a lot of sense if you're accustomed to "pipes and filters" architectures. It's anything your program might actually do with data that passes through it. Doesn't matter what it is – it's a black box!
Why should handlers and actions be separated? Because they're different things! This is already standard in web architectures: the router is a collection of handlers and the functions that the router calls out to are actions. I like that actions are separated out from the monolithic "controller".
Writing in C introduces whole families of vulnerability that aren't a problem in most other languages. Format string vulnerabilities and buffer overflows are the two that immediately come to mind, and these will be added to the normal host of web application security considerations like SQLI, CSRF, XSS, etc.