On Tue, Aug 07, 2001 at 09:13:16AM +0200, Jani Taskinen wrote:
> 
> First, I'm 100% with Zeev here, kill dl()! It's evil.
> 
> Second, I had an idea related to this discussion.
> I have been compiling PHP with almost every extension
> in the CVS (excluding the win32 specific) plus couple of
> 'renegade' extensions and all of them as 'static' extensions.
> 
> Before I start to wonder into the land of Zend Magic, I wanted
> to ask first before I (again) waste my time creating something
> nobody likes/needs.. :)
> 
> Would it be stupid to have a possibility to disable a static
> extension on startup? (for CGI) Either as php.ini directive or
> as command line option or both.
> 
> It takes couple of seconds now to run some short script like this:
> <?php echo 'Foo\n'; ?>
> on the command line..  :)

    i bet this is the pure load-time of your php-executable
    (loading a lot of shared libs). 

    tc
> 
> --Jani
> 
> 
> On Tue, 7 Aug 2001, Zeev Suraski wrote:
> 
> >I disagree in two levels.  First, I think that saying "We can't protect
> >people from their stupidity, so let's lift all bars" is just plain wrong
> >and a bad approach in a real world situation.  Sure, it's true, but we can
> >definitely reduce the risks involved in common mistakes that people
> >make.  Not bulletproof, but sometimes simply hinting people not to go
> >around places where shots are fired is good enough.
> >
> >On the second level, there are several other reasons not to keep dl() which
> >aren't related to security or preventing people from doing the wrong
> >things.  These are:
> >- Slow performance, encourages slow app writing
> >- Complicates the development of extensions and the engine
> >- Will not work in thread safe mode
> >
> >All in all, dl() is simply bad, in just about every level.
> >
> >Zeev
> >
> >At 00:03 07-08-01, George Schlossnagle wrote:
> >> > In a few words:
> >> > For a webserver: ban dl()
> >> > For generic scripting: keep dl()
> >>
> >>What's really the point of protecting people from their stupidity.  If
> >>you're going to keep it in the generic scripting engine (which I think has
> >>lots of value), why not keep it in the webserver engine as well. There are
> >>plenty of php extensions which, imho, operate way to slow to called on a
> >>busy production site.  Does that mean they should be eliminated?  No, it
> >>means they should just be used with a 'buyer-beware' mentality.
> >>
> >>George
> >
> >--
> >Zeev Suraski <[EMAIL PROTECTED]>
> >CTO &  co-founder, Zend Technologies Ltd. http://www.zend.com/
> >
> >
> >
> 
> 
> 
> -- 
> PHP Development Mailing List <http://www.php.net/>
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
> 

-- 
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to