knl@xxxxxxxxxxx wrote:
On Tue, 28 Dec 2010 23:25:57 -0600
Donovan Brooke<lists@xxxxxxx> wrote:
and btw, I found that Billy Hoffman article
to be inaccurate in many of his assertions.
Would you mind sharing in what ways you found his assertions inaccurate?
Kind regards,
Kim
Cheers,
Donovan
--
D Brooke
Well sure.. I have some time.. it's the holidays. ;-)
I don't entirely agree with the premise first of all... I think serving
dynamic content at runtime works well 90% (loose figure) of the time and
ultimately creates a system that is easy to troubleshoot and maintain,
and which always has realtime accurate data.
I should first preface my comments that I am not against a publishing
system, nor a caching system when the project needs, or
growth/performance needs, would require (or could benefit from) it..
however, I also believe that those requirements are a small portion of
the projects/jobs out there these days.
The author says:
"Since the web server is not serving a static file, there will be no
Last-Modified header sent by default. That means no conditional GETs and
no 304 responses which means lots of bandwidth consumption."
That is not quite accurate.. a programmer can force http headers.
"PHP, like virtually all application tiers, produces a chucked response.
This is because the web server has no idea what the content length will
be because it is dynamically generated. Dynamically generated chunked
responses will not send the Accept-Range header. This means no pausing
or resuming or error recovering. The entire resource must be re-downloaded."
First, I think he means "Accept-Ranges" header.. and as in my previous
comment, a programmer can manipulate http headers... which makes some of
his other reasoning not quite accurate.
Lastly he proceeds on to illustrate a dynamic resource
(http://example.com/combine.php?files=a.js|b.js|c.js), apparently, as a
a reason why serving dynamic content is not as good as serving static
content (for security reasons). At this point, it's really just him
showing off his ability to spot hackable code I think. ;-) My answer to
that is that it has nothing to do with runtime code vs. published static
content, and everything to do with the noob programmer who decided to
make a hackable get request a part of their app.
Overall, to me that article may provoke some good thought.. but I would
treat it like Rush Limbaugh.. don't buy into all of it.
Donovan
--
D Brooke
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
