On Thu, Mar 13, 2008 at 11:02 AM, Brian Eaton <[EMAIL PROTECTED]> wrote:

> On Thu, Mar 13, 2008 at 10:18 AM, Chris Chabot <[EMAIL PROTECTED]> wrote:
> >  Basically (in semi-pseudo code) it would mean doing something like:
> >
> >  $out = tempnam('/tmp','compressout');
> >  if (!$config['debug']) {
> >         if (we can't retrieve the cached compressed version) {
> >                 @exec("java -jar {$path_to}/yuicompressor-2.2.5.jar -o $out --type js $feature_js_file");
> >                 if (($contents = file_get_contents($out))) {
> >                     // store in cache so we don't have to keep compressing each request
> >                 }
> >         }
> >  }
>
> Is exec as expensive in PHP as it is in most other web programming
> frameworks?


It's about as expensive as in perl or python.


> In general calling exec() in the context of a web server
> is a bad idea.  It usually leads to both performance and security
> problems.


Performance is the main issue; I added escapeshellargs to prevent arbitrary
input (although the files themselves would never be user input), and PHP's
safe_mode ensures that only files in a specific location can be executed.


>  Caching the output will reduce the problem a bit, but in
> general this seems like a suspicious coding practice.


Normally I'd agree, but unfortunately trying to implement on the fly
compression in PHP any other way would be unreasonably slow. You could write
a PHP extension for such a task, but that imposes a significantly higher
barrier to entry.

-- 
~Kevin
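
Added example, not part of the thread or of the project's code: one way to run the compressor from PHP with the safeguards discussed above (no shell involved, input confined to the feature directory, output cached). The function name, its parameters and the directory layout are assumptions; because safe_mode was removed in PHP 5.4, the path restriction is done in code here.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not from the thread): compress one feature JS file with
// YUI Compressor and cache the result, so java only runs on a cache miss.
function compress_feature_js(string $file, string $featureDir, string $cacheDir, string $jarPath): string
{
    // Resolve symlinks and ".." and require the file to live under $featureDir.
    $real = realpath($file);
    $base = realpath($featureDir);
    if ($real === false || $base === false
        || strncmp($real, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        throw new InvalidArgumentException('file is outside the feature directory');
    }
    $source = file_get_contents($real);
    if ($source === false) {
        throw new RuntimeException('cannot read source file');
    }

    // Key the cache on content, so an edited file is recompressed automatically.
    $cached = $cacheDir . DIRECTORY_SEPARATOR . hash('sha256', $source) . '.min.js';
    if (is_file($cached) && ($hit = file_get_contents($cached)) !== false) {
        return $hit;
    }

    $out = tempnam($cacheDir, 'compressout');
    if ($out === false) {
        return $source;                       // serve uncompressed rather than fail
    }
    // Array form (PHP >= 7.4) starts java directly: no shell parses the arguments.
    $cmd  = ['java', '-jar', $jarPath, '-o', $out, '--type', 'js', $real];
    $proc = proc_open($cmd, [1 => ['pipe', 'w'], 2 => ['redirect', 1]], $pipes);
    if (!is_resource($proc)) {
        unlink($out);
        return $source;
    }
    $log = stream_get_contents($pipes[1]);    // stdout and stderr combined
    fclose($pipes[1]);
    $status = proc_close($proc);

    $min = file_get_contents($out);
    if ($status !== 0 || $min === false || $min === '') {
        unlink($out);
        error_log('yuicompressor failed: ' . trim((string) $log));
        return $source;
    }
    // rename() inside one directory is atomic: readers never see a partial file.
    rename($out, $cached);
    return $min;
}
```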
