You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@thrift.apache.org by "Nicholas Telford (JIRA)" <ji...@apache.org> on 2010/03/01 13:46:05 UTC
[jira] Commented: (THRIFT-717) Global variables should not be used
for configuration of PHP library
[ https://issues.apache.org/jira/browse/THRIFT-717?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12839664#action_12839664 ]
Nicholas Telford commented on THRIFT-717:
-----------------------------------------
Ok, sure, the performance and security issues are fairly pointless. The biggest problem here is pollution of the global namespace, which is a bit of a show-stopper when integrating in to larger frameworks or libraries.
Constants work because they don't pollute the $GLOBALS super-global and are immutable, so other system components can't accidentally modify them (i.e. through naming clashes) without the developer being alerted to it.
I thought I'd got all references to $GLOBALS['THRIFT_ROOT'], I take it some reside outside of lib/php/src/ ?
> Global variables should not be used for configuration of PHP library
> --------------------------------------------------------------------
>
> Key: THRIFT-717
> URL: https://issues.apache.org/jira/browse/THRIFT-717
> Project: Thrift
> Issue Type: Improvement
> Components: Library (PHP)
> Reporter: Nicholas Telford
> Priority: Minor
> Attachments: thrift_php_globalsToConstants.diff
>
> Original Estimate: 2h
> Remaining Estimate: 2h
>
> The Thrift PHP library makes gratuitous use of the $GLOBALS array to store basic configuration.
> Globals in PHP are generally bad practice, so I suggest something else: Use constants.
> Being immutable, constants are more secure than globals (that could be overwritten in scripts susceptible to injection attacks); they also perform much better, since the $GLOBALS variable is a hash-table, lookups are comparatively expensive.
> I will attach a patch soon unless anyone has any better ideas.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.