Hi Sara, On 12/11/18 7:19 PM, Sara Golemon wrote: On Thu, Dec 6, 2018 at 9:54 AM Dmitry Stogov <dmi...@zend.com<mailto:dmi...@zend.com>> wrote: I would like to start discussion of FFI RFC https://wiki.php.net/rfc/ffi
I said this already privately, but I just want to repeat here in the open. This thing is DANGEROUS. Yes. This may be really dangerous, as well as writing an own PHP extension or any C program. I know you know that. I'm not telling you, I'm stating it for every casual reader of this list. So while discussing details of naming and calling conventions is important, my #1 concern is how we avoid creating a potentially fatal situation for users. I like the "ffi.enable=preload" idea you came up with. I think that addresses the actual needs that FFI is trying to solve without completely opening the fire hose. Big +2 to that idea. (Although it's not expressed, I'm assuming this is PHP_INI_SYSTEM as anything else would be silly) Of course "ffi.enable" must be INI_SYSTEM (it's INI_ALL by mistake, I'll fix this and make a note in RFC). I'm not super enthused by having "ffi.enable=true" even be an option, to be quite honest. We may consider removing "ffi.enable=true", or changing its meaning to current "ffi.enable=preload". For CLI, sure but the damage that can be wrought from a web server exposed to the internet is non-trivial. And I'm also going to let my prejudice show: I don't trust someone who doesn't know how to write an extension in C to use FFI. Heck, I've seen some extensions that make me wince pretty hard, but at least there I feel like they've had to do something more thoughtful than copy-paste an example from stack overflow and change a name or two without any concern for how an unmanaged language works. I think, it's possible to use FFI without PHP extension API knowledge, but good C experience is required. And for the record, since some of my tweetings have been misconstrued, I am currently +1 on the idea as a whole. I just want flashing neon signage a mile high and a heavy, even frustrating barrier to access. The consequences of being too lax are too high. -Sara Thanks. Dmitry.
