On Tue, Aug 07, 2001 at 09:13:16AM +0200, Jani Taskinen wrote:
>
> First, I'm 100% with Zeev here, kill dl()! It's evil.
>
> Second, I had an idea related to this discussion.
> I have been compiling PHP with almost every extension
> in the CVS (excluding the win32 specific) plus couple of
> 'renegade' extensions and all of them as 'static' extensions.
>
> Before I start to wonder into the land of Zend Magic, I wanted
> to ask first before I (again) waste my time creating something
> nobody likes/needs.. :)
>
> Would it be stupid to have a possibility to disable a static
> extension on startup? (for CGI) Either as php.ini directive or
> as command line option or both.
>
> It takes couple of seconds now to run some short script like this:
> <?php echo 'Foo\n'; ?>
> on the command line.. :)
i bet this is the pure load-time of your php-executable
(loading a lot of shared libs).
tc
>
> --Jani
>
>
> On Tue, 7 Aug 2001, Zeev Suraski wrote:
>
> >I disagree in two levels. First, I think that saying "We can't protect
> >people from their stupidity, so let's lift all bars" is just plain wrong
> >and a bad approach in a real world situation. Sure, it's true, but we can
> >definitely reduce the risks involved in common mistakes that people
> >make. Not bulletproof, but sometimes simply hinting people not to go
> >around places where shots are fired is good enough.
> >
> >On the second level, there are several other reasons not to keep dl() which
> >aren't related to security or preventing people from doing the wrong
> >things. These are:
> >- Slow performance, encourages slow app writing
> >- Complicates the development of extensions and the engine
> >- Will not work in thread safe mode
> >
> >All in all, dl() is simply bad, in just about every level.
> >
> >Zeev
> >
> >At 00:03 07-08-01, George Schlossnagle wrote:
> >> > In a few words:
> >> > For a webserver: ban dl()
> >> > For generic scripting: keep dl()
> >>
> >>What's really the point of protecting people from their stupidity. If
> >>you're going to keep it in the generic scripting engine (which I think has
> >>lots of value), why not keep it in the webserver engine as well. There are
> >>plenty of php extensions which, imho, operate way to slow to called on a
> >>busy production site. Does that mean they should be eliminated? No, it
> >>means they should just be used with a 'buyer-beware' mentality.
> >>
> >>George
> >
> >--
> >Zeev Suraski <[EMAIL PROTECTED]>
> >CTO & co-founder, Zend Technologies Ltd. http://www.zend.com/
> >
> >
> >
>
>
>
> --
> PHP Development Mailing List <http://www.php.net/>
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
>
--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
