Nice writeup again!
I'm also unsure about enabling / disabling Suhosin.
If I got it right, there is a strong belief that if Suhosin is disabled, more vulns will be found ...
I like PHP, it gave me a start in developing .... now I'm more into C# / ASP / ... and I think about "rewriting" critical stuff in a different tech ... especially with online commerce where money is involved .... e.g. creating web services that are only used from PHP sites to do the actual business stuff...
Do you think it's that critical?
Manuel Lemos - 2012-02-03 19:11:15 - In reply to message 1 from chris
It is hard to put it in just a few words. It would take a whole article to talk about it.
Just a few features: basically it provides protection against eventual PHP bugs that may cause memory allocation overruns, and it can encrypt your site cookies (and session cookies) to prevent attackers from tampering with your cookies and manipulating your application, etc.