First, I'm 100% with Zeev here, kill dl()! It's evil.
Second, I had an idea related to this discussion.
I have been compiling PHP with almost every extension
in the CVS (excluding the win32 specific) plus couple of
'renegade' extensions and all of them as 'static' extensions.
Before I start to wonder into the land of Zend Magic, I wanted
to ask first before I (again) waste my time creating something
nobody likes/needs.. :)
Would it be stupid to have a possibility to disable a static
extension on startup? (for CGI) Either as php.ini directive or
as command line option or both.
It takes couple of seconds now to run some short script like this:
<?php echo 'Foo\n'; ?>
on the command line.. :)
--Jani
On Tue, 7 Aug 2001, Zeev Suraski wrote:
>I disagree in two levels. First, I think that saying "We can't protect
>people from their stupidity, so let's lift all bars" is just plain wrong
>and a bad approach in a real world situation. Sure, it's true, but we can
>definitely reduce the risks involved in common mistakes that people
>make. Not bulletproof, but sometimes simply hinting people not to go
>around places where shots are fired is good enough.
>
>On the second level, there are several other reasons not to keep dl() which
>aren't related to security or preventing people from doing the wrong
>things. These are:
>- Slow performance, encourages slow app writing
>- Complicates the development of extensions and the engine
>- Will not work in thread safe mode
>
>All in all, dl() is simply bad, in just about every level.
>
>Zeev
>
>At 00:03 07-08-01, George Schlossnagle wrote:
>> > In a few words:
>> > For a webserver: ban dl()
>> > For generic scripting: keep dl()
>>
>>What's really the point of protecting people from their stupidity. If
>>you're going to keep it in the generic scripting engine (which I think has
>>lots of value), why not keep it in the webserver engine as well. There are
>>plenty of php extensions which, imho, operate way to slow to called on a
>>busy production site. Does that mean they should be eliminated? No, it
>>means they should just be used with a 'buyer-beware' mentality.
>>
>>George
>
>--
>Zeev Suraski <[EMAIL PROTECTED]>
>CTO & co-founder, Zend Technologies Ltd. http://www.zend.com/
>
>
>
--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
