Zeev Suraski wrote: > > Shane, > > Please read the archives - the performance issue was well covered.
I read the archives, and spent a lot of time looking for more than I found. > The stability issue is fairly obvious (you're much more likely to screw up > in a multithreaded environment if you load/unload libraries like hell, than > you are if you load them once, process-wide; this affects both code in PHP > and code in the libraries themselves). That has nothing to do with dynamically loading modules at runtime. First, the modules should not be unloaded until php is unloaded. Otherwise you certainly would have performance issues, and plenty of management issues. Second, if the code in the libraries themselves is effected, that simply points to problems in the library, or in the way php handles modules. (And that is what I am trying to get to the root of.) > The security issue is fairly > obvious as well - by definition, if you let users load arbitrary code in > runtime, from within a script, you're begging for trouble. Of course, if > PHP was a fort it wouldn't have been a problem but you know it is not. Arbitrary code? extension_dir defines where you can load from, and you can only load dll's that exist within that. Additionally, the dl loading code looks for specific exports to even be able to load the dll. The only security issue is if the administrator puts arbitrary dll's into the path defined by extension_dir. The really paranoid can disable the function in php.ini. If you're worried about security issues with dl, we should all be much more fearful of the COM, Corba and .Net extensions. > There's nothing theoretical about these drawbacks, they're very > concrete. On the other hand, I can only find theoretical advantages to > using dl() (or for that matter, not using php.ini); You said you don't > like it, but there's really nothing wrong with it). I just find it more than slightly sad that PHP cannot dynamicly load extensions when Perl, Python, and other script languages don't have problems with this, and are in fact designed to do it that way to begin with. I think it's very short sighted to not have this ability. But I'm not going to waste any more of my time on it. Shane -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php
