The Dependency Injection Container is now written to disk. When there is no container file available then the DIC is compiled and if the storage backend is writeable then it is written to disk. By default this is written in a tricky (slightly slower but more secure) way into the public files directory. There is, however, a plain PHP backend which can be used for faster reads and writes but it is advised to be used on a non-shared system and on one where a directory is writeable by Apache outside of the document root. Finally, there is a variant of the plain PHP backend which does not support writing. In a development-staging-production environment as the DIC only changes when new modules are deployed (or when someone edits code) it is entirely possible to compile the DIC on the staging system and deploy it together with new code. Enabling a new module on production with this read only backend will end up with a performance loss because on every request the compilation pass needs to run. This can also be used for development purposes: just point the readonly backend to an empty directory. So every case is covered: shared hosts can use the more secure version, more advanced hosts can choose between writeable and readonly versions of the plain PHP backend depending on their security needs and workflow.
Similar concerns will apply to Twig once it is committed.
Commenting on this Story is closed.