PHPDeveloper.org: Brandon Savage's Blog: Suhosin: The Invisible Hand Of PHP

	News Feed
	Jobs Feed

Sections

Tutorials

Books

Events

Talks

Jobs

Recent Jobs

Job Posting: Vermont Information Processing Seeks Senior/Lead PHP Developer (Burlington, VT)

Job Posting: Mediware Blood Center Technologies Seeks PHP Software Developer (Jacksonville, FL)

PHP Zone: Can Learning Drupal Get You a Job?

Job Posting: Tilllate Media Seeks Senior PHP Developer (Glasgow, UK)

Job Posting: Agency Matrix Seeks Senior Application Developer (Addison, TX)

Job Posting: HUGE Seeks Freelance Zend/WordPress Developer (Brooklyn, NY)

Job Posting: Abbott Laboratories Seeks PHP Developer (Irving, TX)

Job Posting: BetFair Seeks Lead Software Engineer (Web)

Job Posting: Uplifting Innovations Seeks Lead PHP Developer (Portland, OR)

Job Posting: Ganz Seeks PHP Developer (Toronto, Ontario)

News Archive

Symfony Blog: Running a TV station with symfony

Eli White's Blog: Conferences, Speakers & Presentations

Ibuildings techPortal: Zend Studio formatted for Zend Framework and ATK

NETTUTS.com: How to Create a PHP/MySQL Powered Forum from Scratch

InsicDesigns Blog: Embracing PHP 5.3 MVC with MiMViC

Brandon Savage's Blog: Learning Zend Framework: A Case Study

Ibuildings Blog: New white paper: Continuous Integration

Site News: Blast from the Past - One Year Ago in PHP

P'unk Avenue Blog: Faster, PHP! Kill! Kill!

Jack Diederich's Blog: Comparing the Ruby/PHP/Python C Interpreters

Brandon Savage's Blog:
Suhosin The Invisible Hand Of PHP

by Chris Cornutt November 18, 2009 @ 08:14:52

Brandon Savage has written up a look at the Suhosin patch for PHP (a project lead by Stefan Esser), what it can do for your PHP installation and his opinion on the benefits.

Last week, I received an email from someone who told me how the Suhosin patch had created problems for their team, and suggested that I write about it here. I thought this was a great idea, for a number of reasons. Particularly, Suhosin is one of those PHP patches that alters the way PHP operates in a fundamental fashion, yet also is installed by default in many places (for example, Ubuntu compiles this patch in by default on their installation).

He talks about some of the features it includes - disabling eval, not allowing for remote includes, makes it possible to modify the memory limit per script and allows you to set limits on the length of REQUEST arrays. He notes that, while the Suhosin patch is a good thing and can make a real difference in your application, it's by no means a requirement to creating a secure application (and shouldn't be used as a replacement for such).

There's also an interesting comment from Stefan Esser himself on the comments Brandon made in the post.

0 comments voice your opinion now!
suhosin patch stefanesser security

Similar Posts

Community News: WordPress 2.0.6 Released to Resolve Security Issues

Mark Jaquith's Blog: WordPress 2.0.6: Feedburner issue, and fix

ThinkPHP Blog: Leveraging Security to PHP (using sausages)

Community News: Stefan Esser Named to eWeek's The 15 Most Influential People in Security Today

Stefan Esser's Blog: Suhosin 0.9.20 and crypt() Thread Safety Vulnerability

Community Events

Don't see your event here?
Let us know!

All content copyright, 2010 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework