Juerd wrote:
> Matt Sergeant wrote 2005-05-25 11:41 (-0400):
>> It's probably just an oversight. I don't think taint checking requires
>> a lot of overhead.
>
> On my server (non-highperf), I removed -wT and performance got much
> better (that is: load dropped). I re-enabled it a few days later to make
> sure it really was the -wT. It was. It's now disabled again.
> I'm willing to exchange some security for performance in this case. But
> I do think -T should stay the default.
> I have no idea which of -w and -T had which overhead.

It depends on how you're using it. If you're not using forkserver or some
persistent method, and recompiling it every time, -w is going to add a lot of
overhead, as it checks the script when it compiles. If you're using some sort
of persistent method that avoids recompiling every time (fork server, pperl,
speedy cgi, high_perf) it shouldn't make a difference other than when it starts
up (I think).
-T adds a little bit of overhead, in that it tracks variables that came from
outside and have not been validated/cleaned. I wonder how it scales, though, if
there are thousands of connections/variables..