this post was submitted on 30 Oct 2023
976 points (96.1% liked)

Programmer Humor

31214 readers
1192 users here now

Post funny things about programming here! (Or just rant about your favourite programming language.)

Rules:

founded 4 years ago
MODERATORS
[email protected]
[email protected]
976
PHP is dead? (telegra.ph)
submitted 8 months ago by [email protected] to c/[email protected]
182 comments fedilink hide all child comments
 
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 3 points 8 months ago (3 children)

not only that but you just install it with the lamp stack setting in ubuntu tasksel with apache and mariadb. the beating that these can take (except maybe the sql) and survive is great. you also have access to the whole of linux to do more advanced stuff, while other languages/ stacks shy away from exec

[–] [email protected] 7 points 8 months ago (1 children)

other languages/ stacks shy away from exec

I’m sorry, what?

[–] [email protected] 10 points 8 months ago (1 children)

Turns out arbitrary code execution is actually great(!)

[–] [email protected] 2 points 8 months ago (1 children)

it does not have to be arbitrary my dude

[–] [email protected] 2 points 8 months ago (1 children)

Problem is, you’re mixing a number of different concepts into a nonsensical claim.

Exec as an “execute a string as a language instructions” is nothing new nor unique to PHP. Ruby on Rails, for example, uses it in a controlled manner to generate methods on ActiveRecord models.

Exec as an “replace this process with another process” is old news again. It’s not even language specific.

Popen/spawn family (which seems to be what you alluded to) is, once again, nothing new and is used everywhere.

[–] [email protected] -1 points 8 months ago

i just meant that python's and node's implementation is shit

[–] TheBeege 3 points 8 months ago* (last edited 8 months ago)

All of that can be the same as other stacks except the Apache bit. You can stand up a Go application on Ubuntu hitting MariaDB as its persistence layer. Or Python. Or Node. Or Java. Or even Ruby. Shit, Haskell can do it.

~~Also, exec is a code smell. Arbitrary code execution is a massive security risk, and the effort to mitigate that risk is often less than explicitly building out the required functionality.~~

I think you need to explore more technologies, my friend. And read up on some security things

Edit: I now realize you mean exec as in calling out to a shell. All languages have this. Still, the overhead of spawning and managing a new process is often more than just implementing the logic in your application itself.

[–] [email protected] 1 points 8 months ago

I personally prefer hestiaCP but yes