On Thu, Dec 6, 2018 at 9:54 AM Dmitry Stogov <dmi...@zend.com> wrote:
> I would like to start discussion of FFI RFC https://wiki.php.net/rfc/ffi

I said this already privately, but I just want to repeat here in the open. This thing is DANGEROUS. I know you know that. I'm not telling you, I'm stating it for every casual reader of this list. So while discussing details of naming and calling conventions is important, my #1 concern is how we avoid creating a potentially fatal situation for users.

I like the "ffi.enable=preload" idea you came up with. I think that addresses the actual needs that FFI is trying to solve without completely opening the fire hose. Big +2 to that idea. (Although it's not expressed, I'm assuming this is PHP_INI_SYSTEM as anything else would be silly)

I'm not super enthused by having "ffi.enable=true" even be an option, to be quite honest. For CLI, sure but the damage that can be wrought from a web server exposed to the internet is non-trivial.

And I'm also going to let my prejudice show: I don't trust someone who doesn't know how to write an extension in C to use FFI. Heck, I've seen some extensions that make me wince pretty hard, but at least there I feel like they've had to do something more thoughtful than copy-paste an example from stack overflow and change a name or two without any concern for how an unmanaged language works.

And for the record, since some of my tweetings have been misconstrued, I am currently +1 on the idea as a whole. I just want flashing neon signage a mile high and a heavy, even frustrating barrier to access. The consequences of being too lax are too high.

-Sara