Did a quick experiment using yuicompressor, and compressing the
javascript in the JsLibrary class (since the PHP version caches the
entire JsFeatureFactory, for performance reasons, so this ends up being
the most logical place).
Results are:
- Initial first request is terribly slow, 7 to 10 seconds wait just
about, this is a huge downside
- Every next request is as fast as it was before, since the results were
cached
- Gadget file size (using google's horoscope as example) went from 55k
to 18k, so a very nice gain
As far as security risks go i'm not to concerned since its isolated from
user input (the only thing that's input here is a feature name, which
loads a feature.xml, which then requests .js files, which then are
compressed ... so the user input part happens at the
<feature_name>/feature.xml part, and not in anything that's parsed to
the command line.
However the initial page load worries me of course, a quick wget on a
empty gadget that requires everything would fix this, but it's far from
ideal... However lacking any type of build system it's hard to integrate
into the deployment process, it still seems a viable option.
What do you guys recon about this all?
-- Chris
On Thu, 2008-03-13 at 11:09 -0700, Kevin Brown wrote:
> On Thu, Mar 13, 2008 at 11:02 AM, Brian Eaton <[EMAIL PROTECTED]> wrote:
>
> > On Thu, Mar 13, 2008 at 10:18 AM, Chris Chabot <[EMAIL PROTECTED]> wrote:
> > > Basicly (in semi-pseudo code) it would mean doing something like:
> > >
> > > $out = tempnam('/tmp','compressout');
> > > if (!$config['debug']) {
> > > if (we can't retrieve the cached compressed version) {
> > > @exec("java -jar {$path_to}/yuicompressor-2.2.5.jar -o
> > $out --type js
> > > $feature_js_file");
> > > if (($contents = file_get_contents($out))) {
> > > // store in cache so we don't have to keep
> > compressing each
> > > request
> > > }
> > > }
> > > }
> >
> > Is exec as expensive in PHP as it is in most other web programming
> > frameworks?
>
>
> It's about as expensive as in perl or python.
>
>
> > In general calling exec() in the context of a web server
> > is a bad idea. It usually leads to both performance and security
> > problems.
>
>
> Performance is the main issue; I added escapeshellargs to prevent arbitrary
> input (although the files themselves would never be user input), and php's
> safe_mode ensures that only files in a specific location can be executed.
>
>
> > Caching the output will reduce the problem a bit, but in
> > general this seems like a suspicious coding practice.
>
>
> Normally I'd agree, but unfortunately trying to implement on the fly
> compression in PHP any other way would be unreasonably slow. You could write
> a PHP extension for such a task, but that imposes a significantly higher
> barrier to entry.
>
