I think it's important that the pros and cons of Suhosin as a patch are evaluated. A conservative approach would not help in making PHP any better. We need to make sure, whatever be the case, that the PHP developers who thrive on the improvements made in the language are benefited, and the language as a whole is benefited. We owe it to the PHP world as we want it to compete with other languages in all aspects, security being the foremost.
2012-02-06 09:31:09 - In reply to message 1 from Aparna Dey
Right, the fact is that Suhosin not only prevents security problems known today, but also mitigates the effects of security problems to be discovered only in the future.
You certainly need to test your applications with Suhosin running on your development environment. After you give it a good test and do not find any issues, it should be OK to use it in production.