[nycphp-talk] security? we don't need no stinkin security!

Chris Snyder csnyder at chxo.com
Fri Dec 5 12:35:50 EST 2003


David Mintz wrote:

>Yeah, I can see where parsing and loading 2500 lines of code of which you
>only need 10% is a performance hit in an interpreted language -- leaner
>and meaner equals faster. But doesn't hardware evolve in the direction of
>faster, and isn't PHP itself's performance being improved so that it's
>ever faster at loading PHP code?

It's not just the performance hit -- which can be significant (fear the 
Smarty demo) -- there may be security implications as well. (back to the 
subject line?)

For rapid development or prototyping, there is no question that 
(re)using classes a la Pear is an attractive option. Certainly for 
specialized tasks (parsing mp3 ID3 tags comes to mind). But at some 
point, you have to take a hard look at the 90% that you're not using, 
and consider writing bespoke classes. Do this a few times and you begin 
to see Pear as not so useful.

The nice thing about OO is that the rewrite only has to implement the 
bits of the original API that your application uses. Not painless, but 
not so bad, either. Unless the class you're replacing had an inefficient 
way of doing things...

     csnyder
