Hi,
I'm running a few PHP-based apps on our server (PMB, SPIP, Joomla, PHPMyAdmin), and I'm not always comforted about security. I don't know the details, but many a security expert frowns when it comes to PHP.
Now I just stumbled over this:
http://www.hardened-php.net/suhosin.127.html
Has anyone already tried this out? An opinion about it? Is it worth it?
Since I have to rebuild PHP anyway (because I need some specific modules that can only be obtained by rebuilding it), it wouldn't be much of a hassle. But I'm curious about the experts' opinion here.
Cheers,
Niki
Niki Kovacs wrote:
> Hi,
> I'm running a few PHP-based apps on our server (PMB, SPIP, Joomla, PHPMyAdmin), and I'm not always comforted about security. I don't know the details, but many a security expert frowns when it comes to PHP.
> Now I just stumbled over this:
> http://www.hardened-php.net/suhosin.127.html
> Has anyone already tried this out? An opinion about it? Is it worth it?
I use it. I think it is worth it - but don't use it as a substitute for proper coding.
Niki Kovacs wrote:
> Hi,
> I'm running a few PHP-based apps on our server (PMB, SPIP, Joomla, PHPMyAdmin), and I'm not always comforted about security. I don't know the details, but many a security expert frowns when it comes to PHP.
> Now I just stumbled over this:
> http://www.hardened-php.net/suhosin.127.html
> Has anyone already tried this out? An opinion about it? Is it worth it?
> Since I have to rebuild PHP anyway (because I need some specific modules that can only be obtained by rebuilding it), it wouldn't be much of a hassle. But I'm curious about the experts' opinion here.
http://www.hughesjr.com/content/view/21/1/
That explains how to install in centos-4 and centos-5.
Thanks, Johnny Hughes
Johnny Hughes wrote:
> http://www.hughesjr.com/content/view/21/1/
> That explains how to install in centos-4 and centos-5.
Thanks for the link. And thanks for a few interesting reads along the line. Since I have to rebuild PHP anyway (to include php-xslt, which apparently can't be obtained otherwise), I might as well use the patch.
Aside: I'm planning a short article on CentOS for the French magazine Linux Pratique. May I use/quote parts of your Linux magazine article?
Cheers,
Niki
Niki Kovacs wrote:
> Johnny Hughes wrote:
>> http://www.hughesjr.com/content/view/21/1/
>> That explains how to install in centos-4 and centos-5.
> Thanks for the link. And thanks for a few interesting reads along the line. Since I have to rebuild PHP anyway (to include php-xslt, which apparently can't be obtained otherwise), I might as well use the patch.
> Aside: I'm planning a short article on CentOS for the French magazine Linux Pratique. May I use/quote parts of your Linux magazine article?
You may already understand this - but note that the patch to php is different from the module. Using both together gives maximum benefit, but neither the php patch nor the loadable module requires use of the other. They do different things.
Niki Kovacs wrote:
> Johnny Hughes wrote:
>> http://www.hughesjr.com/content/view/21/1/
>> That explains how to install in centos-4 and centos-5.
> Thanks for the link. And thanks for a few interesting reads along the line. Since I have to rebuild PHP anyway (to include php-xslt, which apparently can't be obtained otherwise), I might as well use the patch.
> Aside: I'm planning a short article on CentOS for the French magazine Linux Pratique. May I use/quote parts of your Linux magazine article?
Niki,
Sure, you can quote anything from that article that you want.
Thanks, Johnny Hughes
Niki Kovacs wrote on Fri, 15 Feb 2008 13:17:20 +0100:
> Has anyone already tried this out? An opinion about it? Is it worth it?
Start running it in logging-only mode or it will immediately break certain apps. You will have to adjust several limits before you can use it for real.
Kai
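An added example, not part of the thread and not code from the Suhosin project: one way to act on the logging-only advice above is to tally which limits fire, and in which scripts, before switching to enforcement. The sample log lines, host name and paths are constructed, and the `ALERT-SIMULATION - ... (attacker '...', file '...')` line layout is an assumption to check against your own logs.

```python
import re
from collections import Counter

# Constructed sample lines; the line layout is an assumption, adjust ALERT_RE
# if your syslog or Suhosin log file looks different.
SAMPLE_LOG = """\
Feb 15 14:02:11 web1 suhosin[2211]: ALERT-SIMULATION - configured POST variable limit exceeded - dropped variable 'opt[201]' (attacker '192.0.2.10', file '/var/www/html/joomla/administrator/index.php')
Feb 15 14:02:11 web1 suhosin[2211]: ALERT-SIMULATION - configured POST variable limit exceeded - dropped variable 'opt[202]' (attacker '192.0.2.10', file '/var/www/html/joomla/administrator/index.php')
Feb 15 14:05:40 web1 suhosin[2230]: ALERT-SIMULATION - configured GET variable value length limit exceeded - dropped variable 'recherche' (attacker '192.0.2.44', file '/var/www/html/spip/spip.php')
Feb 15 14:06:02 web1 httpd[2100]: unrelated line that must be skipped
Feb 16 09:11:27 web1 suhosin[3010]: ALERT - configured request variable limit exceeded - dropped variable 'x[1001]' (attacker '198.51.100.7', file '/var/www/html/pmb/index.php')
"""

ALERT_RE = re.compile(
    r"ALERT(?P<sim>-SIMULATION)? - (?P<msg>.*?) "
    r"\(attacker '(?P<ip>[^']*)', file '(?P<file>[^']*)'"
)


def summarize(log_text):
    """Count alerts per (mode, rule, script).

    The rule is the message text before the first ' - ' detail, so alerts that
    differ only in the dropped variable name are grouped together.
    """
    counts = Counter()
    for line in log_text.splitlines():
        m = ALERT_RE.search(line)
        if not m:
            continue  # not a Suhosin alert line
        mode = "simulated" if m.group("sim") else "enforced"
        rule = m.group("msg").split(" - ", 1)[0]
        counts[(mode, rule, m.group("file"))] += 1
    return counts


def report(counts):
    """Return one line per (mode, rule, script), most frequent first."""
    return [f"{n:4d}  {mode:9s}  {rule}  [{script}]"
            for (mode, rule, script), n in counts.most_common()]


if __name__ == "__main__":
    print("\n".join(report(summarize(SAMPLE_LOG))))
```

Rules that fire repeatedly for legitimate traffic to one application point at the limits to raise for it; anything still logged as simulated would have been blocked under enforcement.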