Suhosin is an advanced protection system for PHP installations. It was designed to protect servers and users from known and unknown flaws in PHP applications and the PHP core. Suhosin comes in two independent parts, that can be used separately or in combination.

The first part is a small patch against the PHP core, that implements a few low-level protections against bufferoverflows or format string vulnerabilities and the second part is a powerful PHP extension that implements all the other protections.

Unlike our Hardening-Patch Suhosin is binary compatible to normal PHP installation, which means it is compatible to 3rd party binary extension like ZendOptimizer.

There's already some information on the project posted on its homepage, but since it's still a beta preview of the code, the feature list and documentation isn't complete. If you'd like to check out this project in its early stages and see what it's all about, a great place to start is the current information including links to the downloads and how to get it set up on your install.

There's been a blip on the PHP blogosphere (think what you will of that word, it's accurate) regarding PHP's "inherent security flaws."

I guess it's time to toss in my 2c (even though I was one of the first to reply to Chris' post on this). Since I like similes, I propose the following: coding is like driving.

He continues the metaphor, stating that no one is a great driver when they first start - the same with coding. There's always a learning process. He also notes that it's not PHP's responsibility to police this inexperience. Experience comes with time and good security in PHP applications comes with experience...]]> Wed, 25 Jan 2006 06:35:49 -0600