I feel like I’m missing something. How do people justify the security implications of manual memory management when building a publicly accessible web service with Zig?

▲

echelon 40 minutes ago | parent | next [-]

Zig is for C/C++ folks that seem to dislike Rust's strictness and ceremony.

Zig seems great if you're comfortable in C/C++ but want to try new things.

You should not go backwards from Golang -> Zig. That's a regression in safety.

▲

Svoka 4 hours ago | parent | prev | next [-]

No, you don't.

Lets be honest Zig is a shiny new shit for people who doesn't want to learn and want everything to be familiar but new.

Criticism of it is not allowed and would be downvoted by bandwagon fanboys.

	▲	xpe an hour ago \| parent [-]
		I downvoted because I'm interested in charitable, non-disparaging conversation. I post this so the above commenter doesn't confuse a downvote (1 bit of information) as validation of their claim. I'm personally uninterested in spending much time looking at Zig right now, but I'm keeping an eye on it and generally interested in the progression of languages over time.

▲

ridiculous_leke 6 hours ago | parent | prev [-]

In practice aren't such services behind a reverse proxy/WAF? The other day I found an endpoint in the wild outputting a DB table. I tried fuzzing it to gather more evidence of a SQL injection vuln but my attempts were flagged by AWS WAF.