Hi Stas, On Wed, Apr 13, 2016 at 2:25 AM, Stanislav Malyshev <smalys...@gmail.com> wrote: >> Lack of proper API for required task is our problem. Misuse is not ours. >> IMHO. > > No, it is our problem. We can't just create whatever and throw it over > the fence. The properly designed API has to make correct use very easy > and incorrect use very hard. That's the point of designing the API, not > just giving people means to run random pieces of C code from PHP. > > With that in mind, the API should be designed so that misuse - > especially unintentional misuse - is hard. Not impossible - that we > can't do - but hard. It *is* our responsibility.
I know there are different point views, but I'm against this POV. There _must_ be API that achieves well defined tasks. There are many APIs that do not do this, but I don't think this would be an excuse. There are many examples in security related APIs. Examples are - Database API that lacks basic escape function. Most DB APIs lack "identifier" escape API or even "string literal" escape API. - XPath 1.0 lacks "string literal" escape API at all. I guess the API author's intention is "to avoid misuse of escape API". This approach is proven to create more issues rather than preventing issues. IMHO, there must be API for well defined/mandatory/recommended tasks. > >> The best way to perform GC would be cron task. Low traffic sites can >> make sure obsolete session is deleted. High traffic site can avoid >> occasional slow down by GC. I suppose almost all high traffic sites >> uses memcached or like that does not require PHP's session GC at all, >> though. > > Please be aware that the use case you are currently considering - > whatever it is, does not matter - is about 0.001% of all use cases, or > less. Just because PHP runs on millions of sites with wildly different > requirements. So we should support big sites, small sites, slow sites, > fast sites, etc. My proposal is based on previous point of view. All of PHP users _should_ avoid probability based GC whenever it is possible. Why we shouldn't have API that kills custom of probability based usage? Regards, -- Yasuo Ohgaki yohg...@ohgaki.net -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
