PHP Security through Suhosin or Hardening Patch

PHP Security through Suhosin or Hardening Patch

Programming News

Computer Security News

Programming News

RELATED NEWS

Five Gadget Accessories that are Essential for Traveling

How to Backup & Restore Firefox Preferences?

'Bad Girls Club Miami' Reunion Part 1 Highlights

How To Break Into Any Password Protected Windows/Mac Computers

San Diego Comic Con Convention Passes out for Sale Online

Belize Lashed By Hurricane Richard Before Weakening

Choice of CEO signals hardware-heavy HP's interest in gaining software clout

HP's new CEO hints that software is a priority; Apotheker only 1 offered job, company says

New Hewlett-Packard CEO to get base salary of $1.2M, $4M signing bonus, annual cash incentives

iXiGO.com named one of the fastest growing Indian brands on Facebook

By Angsuman Chakraborty, Gaea News Network
Monday, March 3, 2008

Suhosin is an advanced protection system for PHP installations. It was designed to protect servers and users from known and unknown flaws in PHP applications and the PHP core. Suhosin comes in two independent parts, that can be used separately or in combination. The first part is a small patch against the PHP core, that implements a few low-level protections against bufferoverflows or format string vulnerabilities and the second part is a powerful PHP extension that implements all the other protections.

Unlike the PHP Hardening-Patch Suhosin is binary compatible to normal PHP installation, which means it is compatible to 3rd party binary extension like ZendOptimizer.

- Suhosin site

Do you know about Suhosin? Have you used Suhosin or PHP Hardening Patch? Would you recommend it and what are the caveats, if any? Please let us know and discuss it in the forum.

Filed under: Computer Security, Open Source Software, PHP, Programming, Web, Web Services

Discuss Bellow

Discussion

Malmoth

March 29, 2009: 2:46 am

They’re basically the same thing. They provide a considerable level of protection against various kinds of attacks, buffer overflow attacks being on top of the list.
Beyond the default protection measures, it also enables you to easily block custom functions, which you see exploitable, via its configuration file.
As I’ve read lately, it also offers some level of protection for SQL functions (which is experimental at the point), but I’m not quite familiar with that aspect.

The main difference between the Hardened-PHP and Suhosin is that Suhosin is binary compaible with the default PHP executable.
So, as long as you go with Suhosin instead of Hardened-PHP (which may cause problems in some cases, like when you use a PHP accelerator, due to its incompatibility in binary level) you probably won’t even notice any difference.

By the way, if you work on a GNU/Linux distro like Debian or Ubuntu, you probably already have the Suhosin patch installed by default. In that case, all you need to do is to install the extension that enables the extra security measures, which by the way enable you to tweak with the specific security measures beyond the default protection.

YOUR VIEW POINT

NAME :	(REQUIRED)
MAIL :	(REQUIRED) will not be displayed
WEBSITE :	(OPTIONAL)

YOUR COMMENT :
	Submit Notify me of followup comments via e-mail

Older News