
Brandon Savage's Blog:
Suhosin The Invisible Hand Of PHP
November 18, 2009 @ 08:14:52

Brandon Savage has written up a look at the Suhosin patch for PHP (a project led by Stefan Esser), covering what it can do for your PHP installation and his opinion on its benefits.

Last week, I received an email from someone who told me how the Suhosin patch had created problems for their team, and suggested that I write about it here. I thought this was a great idea, for a number of reasons. Particularly, Suhosin is one of those PHP patches that alters the way PHP operates in a fundamental fashion, yet also is installed by default in many places (for example, Ubuntu compiles this patch in by default on their installation).

He talks about some of the features it includes: disabling eval, disallowing remote includes, making it possible to modify the memory limit per script and letting you set limits on the length of REQUEST arrays. He notes that, while the Suhosin patch is a good thing and can make a real difference in your application, it is by no means a requirement for creating a secure application (and shouldn't be used as a replacement for one).

There's also an interesting comment from Stefan Esser himself on the comments Brandon made in the post.


All content copyright, 2015 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework