Raphters: A web framework for C
thechangelog.comThis seems to be quite well written. However, this is a really bad idea for anything other than learning/hobby work. Writing a web application in C is just asking for security trouble.
Writing in C introduces whole families of vulnerability that aren't a problem in most other languages. Format string vulnerabilities and buffer overflows are the two that immediately come to mind, and these will be added to the normal host of web application security considerations like SQLI, CSRF, XSS, etc.
Author here. I completely agree. I wrote this just because I could and because I was going through a phase of writing everything in C. I wouldn't recommend anyone actually try to use it.
Just out of curiosity . . .
What followed the phase in which you were writing everything in C?
I got my first job. There's nothing like a dose of the real world to break you out of such phases. However, I still hadn't reached maturity, I just had a complete reversal and started writing everything in Haskell instead.
It's only been recently that I have started sitting down with projects and thinking, which language makes sense here?
> However, I still hadn't reached maturity, I just had a complete reversal and started writing everything in Haskell instead.
I've been through these phases too. But they keep on recurring time after time. I've been writing everything in C, then C++, then Haskell, then back to C and this has been going on for years.
Well at least both Haskell and C have good educational value, so even if it is a bit odd, you're still learning valuable skills.
I've been through these phases too. But they keep on recurring time after time.
Me too. As I get older, though (I'm well past "maturity" ;), I find myself going back to C more and more. I'm not exactly sure why.
I do think, though, that while our discussions of programming languages nearly always revolve around this or that feature making things easier, or more efficient, or more fault-tolerant, or whatever, there's also an element of "intellectual fun" (or something like that).
I won't say I never get aggravated writing C, but I often enjoy the puzzles that emerge. Trying to figure out how to do something in C, trying to visualize what's going on with the memory, creating clever little pointer-machines -- it's just as fun as doing analogous things with Lisp or Haskell (during one's obligatory Lisp and Haskell phases).
Ah, the write everything in C phase. I had a lot of fun during that :D
Indeed...it's quite comforting in a world full of every JS/Python/Lua/Ruby/.NET/etc/etc framework imaginable, leaving C behind has solved web application security problems. Where is my sarcasm tag.
I've gone back to writing most things in C. Including web apps. If you're a crappy programmer, the "new hip" languages might protect you from some classes of issues, but the idea that you're "safer" is deeply, deeply misguided.
Seems like a good option for hardware devices like routers, firewall appliances, ... This won't be the next agile, ninja hacker, 1337 web development platform. But it could have it's own niche of the market.
> his won't be the next agile, ninja hacker, 1337
I remember words like "hacker" and "1337" being used to refer to people who did reverse engineering, participated in the demoscene or just defaced websites for fun. My, how the tables have turned.
I'm just using random hipster words to show how I feel about those web frameworks. It's a miracle I didn't tag it #YoloSwag
Do you remember ninja hackers do that?
Even stuff like that has enough memory to run something like Tcl or Lua though, which are likely to be a bit safer.
I'd love if it was in my routers, the currently consumer-level routers are so bad I have to purchase based on whether I can replace the firmware with OpenWRT.
This is a cool project, but if you're looking for something that is safer and yet runs at similar speeds and requires similarly low memory levels, I suggest vibe.d -- D's primary web framework[0]. It's progressing very quickly.
Edit: Added "safer", which was my original point here that I forgot to include.
Just clicked your link to check it out, 500 with a stack trace :/
Back up now. I'm very surprised that HN gave them any problems, even on an underpowered machine.
This is two years old. Another web application framework in C is Klone: http://www.koanlogic.com/klone/index.html
You can also add Duda.IO to the list: http://duda.io/
Oh yeah. Duda.IO totally rocks! Used it, love it!
Psst: There are very nice improvements coming to that project …
Another one quite more complete: https://github.com/davidmoreno/onion
Disclaimer: I'm the author.
And then there is also Kore: https://kore.io
This is news to me. Each to their own, I guess.
"If you’re a C developer looking for speed (and security) you might give Raphters a look for your next web project."
I had a laugh, mixing C and security on the same sentence.
Author here. Yes, I can only look back and cringe.
Obligatary on-topic comment: seems like a lot of code for a not a lot of result; I would like to see templates (with optional template parms) used to provide the 'usual' values. (yes I know templates aren't C, but you can use them minimalistically since they're orthogonal to the rest of C++.)
Digression comment: Has anyone used GWAN? It looks awesome, but the website hints at some eccentricity. http://gwan.com/
ahahah "eccentricity" best adjective craftsmanship ever...
looks like a cool idea but i feel like hardware-optimization stuff will be wrapped into server OS eventually if its meant to be (I'm sure it already is in some ways). If you want to be cutting edge tho give it a shot?
eheh so impressed with "eccentric" tho. it's funny i love Clojure & i feel like its a bunch of "eccentric" vibing trying to tame itself into something that looks like trendy web sites (Rails community kinda pages, though in Rails it seems there is a flashy site for practically every popular gem whereas in Clojure the biggest thought they're willing to formulate is some real minimal framework)
Here's a review of GWAN:
http://devopstom.com/blogish/gwan-snakeoil-beware/
Not very positive.
Previous discussion on HN:
https://news.ycombinator.com/item?id=4109698
Contains this little comment by me:
https://news.ycombinator.com/item?id=4109804
> From the site (which seems to disallow copy-paste):
>> The next time someone feels the need to publicly call G-WAN's (1-page) license "weird" or "insane", look at what they sell and who they get their revenues from. Unlike for G-WAN, what they offer is not free for all.
> They have redefined the word 'free' into a fine mist if they expect you to believe Apache and nginx are not free. They're doing something I've seen done before; oddly, it was mainly being done by Usenet trolls.
I wouldn't say I've been missing it, Bob
Ah, RAPHT is so much clearer than MVC: https://github.com/DanielWaterworth/Raphters/blob/master/RAP.... I would love to see more projects adopt this architecture.
Is it? It's not really clear what a 'transformation of data' entails, or why handlers and actions are separated.
"Transformation of data" makes a lot of sense if you're accustomed to "pipes and filters" architectures. It's anything your program might actually do with data that passes through it. Doesn't matter what it is – it's a black box!
Why should handlers and actions be separated? Because they're different things! This is already standard in web architectures: the router is a collection of handlers and the functions that the router calls out to are actions. I like that actions are separated out from the monolithic "controller".
How do the templates work? I've only ever used ClearSilver templates with C.
This is the only instruction on how to run the examples:
"The examples are deployable via fastcgi."
A more hand-holdey approach may be appreciated.
A masochists' best friend. All joking aside, good job.