First, I'm 100% with Zeev here, kill dl()! It's evil.

Second, I had an idea related to this discussion.
I have been compiling PHP with almost every extension
in the CVS (excluding the win32 specific) plus couple of
'renegade' extensions and all of them as 'static' extensions.

Before I start to wonder into the land of Zend Magic, I wanted
to ask first before I (again) waste my time creating something
nobody likes/needs.. :)

Would it be stupid to have a possibility to disable a static
extension on startup? (for CGI) Either as php.ini directive or
as command line option or both.

It takes couple of seconds now to run some short script like this:
<?php echo 'Foo\n'; ?>
on the command line..  :)


On Tue, 7 Aug 2001, Zeev Suraski wrote:

>I disagree in two levels.  First, I think that saying "We can't protect
>people from their stupidity, so let's lift all bars" is just plain wrong
>and a bad approach in a real world situation.  Sure, it's true, but we can
>definitely reduce the risks involved in common mistakes that people
>make.  Not bulletproof, but sometimes simply hinting people not to go
>around places where shots are fired is good enough.
>On the second level, there are several other reasons not to keep dl() which
>aren't related to security or preventing people from doing the wrong
>things.  These are:
>- Slow performance, encourages slow app writing
>- Complicates the development of extensions and the engine
>- Will not work in thread safe mode
>All in all, dl() is simply bad, in just about every level.
>At 00:03 07-08-01, George Schlossnagle wrote:
>> > In a few words:
>> > For a webserver: ban dl()
>> > For generic scripting: keep dl()
>>What's really the point of protecting people from their stupidity.  If
>>you're going to keep it in the generic scripting engine (which I think has
>>lots of value), why not keep it in the webserver engine as well. There are
>>plenty of php extensions which, imho, operate way to slow to called on a
>>busy production site.  Does that mean they should be eliminated?  No, it
>>means they should just be used with a 'buyer-beware' mentality.
>Zeev Suraski <[EMAIL PROTECTED]>
>CTO &  co-founder, Zend Technologies Ltd.

PHP Development Mailing List <>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to