On Sunday, 1 July 2012 at 11:22:53 UTC, Dmitry Olshansky wrote:
On 01-Jul-12 12:29, SomeDude wrote:
On Sunday, 1 July 2012 at 08:04:48 UTC, SomeDude wrote:
OTOH, it seems to me that a web server that relies on C for
everything
**is** very strongly subject to security issues.
Yes, it's one things I don't like about it - apparently GWAN
would crash the moment your C servlet segfaults. Ah, the
pleasure of native scripts ;)
The code that
generates pages must be absolutely bug free before being put
in
production, which is hard with C for anything that is not
trivial.
Use D! :) Or any other language, I see a list of supported
native languages in its docs.
What I meant was, the author of G-WAN boasts high performance
because his servlets are in C. But making a dynamic website in C
is very both unproductive and very risky, security wise, so very
few companies would do that unless for delivering static pages.
And if you use another language, then the performance drops and I
suppose you get performance closer to nginx and lighthttpd (with
D and C++, less than with some other languages).
The fact that most production libraries (that are portable) are
written in C largely defeats the point of
"... must be absolutely bug free before being put in
production, which is hard with C for anything that is not
trivial. "
Also web server need NOT be absolutely bug free. It just
shouldn't CRASH. So memory corruption is no go, logic errors
and such are possible. Software always has bugs, there is no
such thing as "bug-free" for anything not trivial. It's just
they are not important or hard to trigger + "lack of feature"
bugs.
As you say, memory corruption is a no go, so I would probably
never use C for a serious website.
BTW PHP is a hell of a bug (not counting bugs in scripts) yet
it's out in the open serving most of web sites today.
Yes but PHP doesn't suffer too many memory corruption bugs, so
there is no risk of shell code injection.