arnaud-lb / php-memory-profiler

Memory profiler for PHP. Helps finding memory leaks in PHP scripts.
MIT License

Question: overhead for production environment without triggering activation profile process #104

Closed andrew-demb closed 2 months ago

andrew-demb commented 2 months ago

Description

We want to simplify the process of profiling application memory in the production environment, allowing it to profile memory at any time needed.

For such a result, we consider installing the memprof extension in the production docker image for the long term (and trigger profile specially and securely).

This statement can be found in the readme:

The extension has no overhead when not profiling, so it can be loaded by default on dev environments.

So the question is: Does the current extension add overhead when we don't enable it (for production)?

arnaud-lb commented 2 months ago

Hi

Currently the extension does not add any overhead when it's not profiling. However, there is a potential security risk with enabling it in production, as it is controlled via _GET parameters (there is at least a DoS risk).

andrew-demb commented 2 months ago

Thank you.
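Added example, not part of the thread or the project's code: a check over web access logs for requests that would switch profiling on through the query string, which is the exposure the maintainer's reply describes. The parameter name `MEMPROF_PROFILE` is taken from the extension's README rather than from this thread, and the log format (combined) and the sample lines are assumptions constructed for the example.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qsl

# Assumption: trigger parameter name as documented in the memprof README.
TRIGGER_PARAM = "MEMPROF_PROFILE"

# Combined log format: client address first, request line in double quotes.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*"'
)

def php_name(name):
    """Normalise a query parameter name the way PHP does when filling $_GET:
    leading spaces are dropped, remaining spaces and dots become underscores."""
    return name.lstrip(" ").replace(" ", "_").replace(".", "_")

def profiling_requests(lines, param=TRIGGER_PARAM):
    """Return (ip, target) for each request whose query string sets `param`
    to a non-empty value after percent-decoding and PHP name normalisation."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line we understand
        query = urlsplit(m["target"]).query
        # parse_qsl percent-decodes names and values before we compare them.
        for name, value in parse_qsl(query, keep_blank_values=True):
            if php_name(name) == param and value != "":
                hits.append((m["ip"], m["target"]))
                break
    return hits

def hits_per_client(lines, param=TRIGGER_PARAM):
    """Count profiling-trigger requests per client address."""
    return Counter(ip for ip, _ in profiling_requests(lines, param))

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php?MEMPROF_PROFILE=1 HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /index.php?page=2&%4DEMPROF_PROFILE=1 HTTP/1.1" 200 512',
    '198.51.100.4 - - [01/Jan/2024:10:00:02 +0000] "GET /search?q=MEMPROF_PROFILE HTTP/1.1" 200 90',
    '198.51.100.4 - - [01/Jan/2024:10:00:03 +0000] "GET /index.php?MEMPROF_PROFILE= HTTP/1.1" 200 90',
    '192.0.2.9 - - [01/Jan/2024:10:00:04 +0000] "GET /a.php?MEMPROF.PROFILE=1 HTTP/1.1" 200 90',
]

if __name__ == "__main__":
    for ip, count in hits_per_client(SAMPLE_LOG).items():
        print(ip, count)
```

On a production host where the extension is loaded, any hit from a client that is not an operator is worth alerting on, and a sustained count from one address matches the DoS concern raised above.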