Login   Register  
PHP Classes
elePHPant
Icontem

Security has to be priority #1 in a production environment

Recommend this page to a friend!
Stumble It! Stumble It! Bookmark in del.icio.us Bookmark in del.icio.us

      PHP Classes blog  >  Another Serious Secur...  >  All threads  >  Security has to be priority #1 in a production environment  >  (Un) Subscribe thread alerts  
Subject:Security has to be priority #1 in a production environment
Summary:Security has to be priority #1 in a production environment
Messages:2
Author:Luca Ferrario
Date:2012-02-03 12:00:28
Update:2012-02-03 19:11:00
 

  1. Security has to be priority #1 in a production environment   Reply   Report abuse  
Picture of Luca Ferrario
Luca Ferrario
2012-02-03 14:23:40
I've been using the Debian default PHP (with Suhosin) for years in production and I've never had any problem. I never saw any performance loss and, even if there was, I would be happy to have my PHP scripts take some milliseconds more but my system not to be vulnerable to some zero day PHP vulnerabilities!!!
I'm really sad about Stefani Esser: he proved to be a top security expert in the past. I'll definitely continue to use Suhosin in production, even if Debian drops it as default.
Would you really want to be woken up at 03.00am with all your systems down because somebody has found a new zero day vulnerability and you decided not to have Suhosin to improve performance a bit??

  2. Re: Security has to be priority #1 in a production environment   Reply   Report abuse  
Picture of Manuel Lemos
Manuel Lemos
2012-02-03 19:11:00 - In reply to message 1 from Luca Ferrario
Exactly. It is scary. It is like driving a motocycle without wearing an helmet because that could make you run slower. Ridiculous. Better safe than sorry.