not only that but you just install it with the lamp stack setting in ubuntu tasksel with apache and mariadb. the beating that these can take (except maybe the sql) and survive is great. you also have access to the whole of linux to do more advanced stuff, while other languages/ stacks shy away from exec
Problem is, you’re mixing a number of different concepts into a nonsensical claim.
Exec as an “execute a string as a language instructions” is nothing new nor unique to PHP. Ruby on Rails, for example, uses it in a controlled manner to generate methods on ActiveRecord models.
Exec as an “replace this process with another process” is old news again. It’s not even language specific.
Popen/spawn family (which seems to be what you alluded to) is, once again, nothing new and is used everywhere.
All of that can be the same as other stacks except the Apache bit. You can stand up a Go application on Ubuntu hitting MariaDB as its persistence layer. Or Python. Or Node. Or Java. Or even Ruby. Shit, Haskell can do it.
Also, exec is a code smell. Arbitrary code execution is a massive security risk, and the effort to mitigate that risk is often less than explicitly building out the required functionality.
I think you need to explore more technologies, my friend. And read up on some security things
Edit: I now realize you mean exec as in calling out to a shell. All languages have this. Still, the overhead of spawning and managing a new process is often more than just implementing the logic in your application itself.
not only that but you just install it with the lamp stack setting in ubuntu tasksel with apache and mariadb. the beating that these can take (except maybe the sql) and survive is great. you also have access to the whole of linux to do more advanced stuff, while other languages/ stacks shy away from exec
I’m sorry, what?
Turns out arbitrary code execution is actually great(!)
it does not have to be arbitrary my dude
Problem is, you’re mixing a number of different concepts into a nonsensical claim.
Exec as an “execute a string as a language instructions” is nothing new nor unique to PHP. Ruby on Rails, for example, uses it in a controlled manner to generate methods on ActiveRecord models.
Exec as an “replace this process with another process” is old news again. It’s not even language specific.
Popen/spawn family (which seems to be what you alluded to) is, once again, nothing new and is used everywhere.
i just meant that python’s and node’s implementation is shit
All of that can be the same as other stacks except the Apache bit. You can stand up a Go application on Ubuntu hitting MariaDB as its persistence layer. Or Python. Or Node. Or Java. Or even Ruby. Shit, Haskell can do it.
Also,execis a code smell. Arbitrary code execution is a massive security risk, and the effort to mitigate that risk is often less than explicitly building out the required functionality.I think you need to explore more technologies, my friend. And read up on some security things
Edit: I now realize you mean
execas in calling out to a shell. All languages have this. Still, the overhead of spawning and managing a new process is often more than just implementing the logic in your application itself.I personally prefer hestiaCP but yes