
suhosin optional

Subject:suhosin optional
Summary:Give the user ultimate decision
Messages:2
Author:Christian Sager
Date:2012-02-06 18:53:44
Update:2012-02-06 21:07:03
 

  1. suhosin optional
Christian Sager
2012-02-06 20:54:16
I would like to see suhosin optional by php.ini option. In this way a web master can evaluate the risk and benefits.

I strongly encourage the core php team to give more attention to security issues, especially addressing long known problems.

Clearly, adding security fixes is dicey, as the current example shows. To me the strategy should be to provide security improvements as an option if a measure cannot be agreed upon unanimously.

  2. Re: suhosin optional
Manuel Lemos
2012-02-06 21:07:03 - In reply to message 1 from Christian Sager
Well, Suhosin is already an extension that you can control via php.ini; it just does not come built into PHP.

It seems the PHP core team and Stefan Esser have fundamental differences of opinion on what is acceptable to include in a security extension like this, so it is unlikely that Suhosin will ever be integrated in the PHP core.