Login   Register  
PHP Classes

what issues are covered by suhosin ?

Recommend this page to a friend!
Stumble It! Stumble It! Bookmark in del.icio.us Bookmark in del.icio.us

      PHP Classes blog  >  Another Serious Secur...  >  All threads  >  what issues are covered by suhosin ?  >  (Un) Subscribe thread alerts  
Subject:what issues are covered by suhosin ?
Summary:what doors are now open when suhosin is disabled ?
Date:2012-02-03 12:49:21
Update:2012-02-03 19:11:15

  1. what issues are covered by suhosin ?   Reply   Report abuse  
Picture of chris
2012-02-03 14:23:49
hi emanuel !

nice writeup again!
I'm also unsure of enabling / disabling suhosin.
If i got it right, there is a strong believe that if suhosin is disabled, more vulun's will be found ...

i like php, gave me a start in developing .... now im more in c# / asp / ... and i think about "rewriting" critical stuff to be a different tech ... specially with online-commerce where money is involved .... f.e creating webservices that are only used from php sites to do the actual business-stuff...
you think it's that critical ?

  2. Re: what issues are covered by suhosin ?   Reply   Report abuse  
Picture of Manuel Lemos
Manuel Lemos
2012-02-03 19:11:15 - In reply to message 1 from chris
It is hard to put in in just a few words. It will give a whole article to talk about it.

Just a few features, basically it provides protection against eventual PHP bugs that may cause memory allocation overrun, it can encrypt your site cookies (and session cookies) to avoid attackers tampering your cookies and manipulate your application, etc..