Hardened-PHP Project:
Suhosin (Advanced PHP Protection)
Aug 21, 2006 @ 13:35:36

As part of the Hardened-PHP project's ongoing effort to protect PHP installs from the evils of the internet, there's a new project in development that could help make more PHP installations secure: Suhosin.

Suhosin is an advanced protection system for PHP installations. It was designed to protect servers and users from known and unknown flaws in PHP applications and the PHP core. Suhosin comes in two independent parts that can be used separately or in combination.

The first part is a small patch against the PHP core that implements a few low-level protections against buffer overflows or format string vulnerabilities, and the second part is a powerful PHP extension that implements all the other protections.

Unlike our Hardening-Patch, Suhosin is binary compatible with a normal PHP installation, which means it is compatible with 3rd-party binary extensions like ZendOptimizer.

There's already some information on the project posted on its homepage, but since it's still a beta preview of the code, the feature list and documentation aren't complete. If you'd like to check out this project in its early stages and see what it's all about, a great place to start is the current information, which includes links to the downloads and instructions for setting it up on your install.

tagged: install beta version suhosin protection flaws


Sean Coates' Blog:
Security and...Driving? (and Hiring)
Jan 25, 2006 @ 12:35:49

Sean Coates has posted his opinions on all of the recent talk about the "inherent security flaws" that some have claimed PHP has.

There's been a blip on the PHP blogosphere (think what you will of that word, it's accurate) regarding PHP's "inherent security flaws."

I guess it's time to toss in my 2c (even though I was one of the first to reply to Chris' post on this). Since I like similes, I propose the following: coding is like driving.

He continues the metaphor, stating that no one is a great driver when they first start, and the same goes for coding. There's always a learning process. He also notes that it's not PHP's responsibility to police this inexperience. Experience comes with time, and good security in PHP applications comes with experience...

tagged: security flaws inherent driving metaphor
