PHP Classes

what issues are covered by suhosin ?

Recommend this page to a friend!

      PHP Classes blog  >  Another Serious Secur...  >  All threads  >  what issues are covered by suhosin ?  >  (Un) Subscribe thread alerts  
Subject:what issues are covered by suhosin ?
Summary:what doors are now open when suhosin is disabled ?
Date:2012-02-03 12:49:21
Update:2012-02-03 19:11:15


  1. what issues are covered by suhosin ?   Reply   Report abuse  
chris - 2012-02-03 14:23:49
hi emanuel !

nice writeup again!
I'm also unsure of enabling / disabling suhosin.
If i got it right, there is a strong believe that if suhosin is disabled, more vulun's will be found ...

i like php, gave me a start in developing .... now im more in c# / asp / ... and i think about "rewriting" critical stuff to be a different tech ... specially with online-commerce where money is involved .... f.e creating webservices that are only used from php sites to do the actual business-stuff...
you think it's that critical ?

  2. Re: what issues are covered by suhosin ?   Reply   Report abuse  
Manuel Lemos - 2012-02-03 19:11:15 - In reply to message 1 from chris
It is hard to put in in just a few words. It will give a whole article to talk about it.

Just a few features, basically it provides protection against eventual PHP bugs that may cause memory allocation overrun, it can encrypt your site cookies (and session cookies) to avoid attackers tampering your cookies and manipulate your application, etc..