Hi,

I'm running a few PHP-based apps on our server (PMB, SPIP, Joomla, PHPMyAdmin), and I'm not always comforted about security. I don't know the details, but many a security expert frowns when it comes to PHP.

Now I just stumbled over this:

http://www.hardened-php.net/suhosin.127.html

Has anyone already tried this out? An opinion about it? Is it worth it?

Since I have to rebuild PHP anyway (because I need some specific modules that can only be obtained by rebuilding it), it wouldn't be much of a hassle. But I'm curious about the experts' opinion here.

Cheers,

Niki

Niki Kovacs wrote:
> Hi,
>
> I'm running a few PHP-based apps on our server (PMB, SPIP, Joomla,
> PHPMyAdmin), and I'm not always comforted about security. I don't know
> the details, but many a security expert frowns when it comes to PHP.
>
> Now I just stumbled over this:
>
> http://www.hardened-php.net/suhosin.127.html
>
> Has anyone already tried this out? An opinion about it? Is it worth it?

I use it. I think it is worth it - but don't use it as a substitute for proper coding.

Niki Kovacs wrote:
> Hi,
>
> I'm running a few PHP-based apps on our server (PMB, SPIP, Joomla,
> PHPMyAdmin), and I'm not always comforted about security. I don't know
> the details, but many a security expert frowns when it comes to PHP.
>
> Now I just stumbled over this:
>
> http://www.hardened-php.net/suhosin.127.html
>
> Has anyone already tried this out? An opinion about it? Is it worth it?
>
> Since I have to rebuild PHP anyway (because I need some specific modules
> that can only be obtained by rebuilding it), it wouldn't be much of a
> hassle. But I'm curious about the experts' opinion here.
>

http://www.hughesjr.com/content/view/21/1/

That explains how to install in centos-4 and centos-5.

Thanks,
Johnny Hughes

Johnny Hughes wrote:
> http://www.hughesjr.com/content/view/21/1/
>
> That explains how to install in centos-4 and centos-5.
>

Thanks for the link. And thanks for a few interesting reads along the line. Since I have to rebuild PHP anyway (to include php-xslt, which apparently can't be obtained otherwise), I might as well use the patch.

Aside: I'm planning a short article on CentOS for the French magazine Linux Pratique. May I use/quote parts of your Linux magazine article?

Cheers,

Niki

Niki Kovacs wrote on Fri, 15 Feb 2008 13:17:20 +0100:
> Has anyone already tried this out? An opinion about it? Is it worth it?

Start running it in logging-only mode or it will immediately break certain apps. You will have to adjust several limits before you can use it in real.

Kai

--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
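
The staged rollout described in the last reply, as an added configuration example that is not part of any message in the thread. It assumes the Suhosin extension is loaded and that "logging-only mode" refers to its `suhosin.simulation` setting; the log path and all numeric limits are constructed sample values, not recommendations from the thread.

```ini
; Added example, not from the thread. Assumes the Suhosin extension is loaded.
; The log path and every numeric limit below are constructed sample values.

; Phase 1: record violations but do not block or drop anything.
suhosin.simulation = On

; Send every alert class to syslog and to a dedicated file so that
; violations can be reviewed per application.
suhosin.log.syslog = S_ALL
suhosin.log.file = S_ALL
suhosin.log.file.name = /var/log/php/suhosin.log

; Request filter limits that form-heavy admin pages can exceed.
; Raise only the ones the log shows being hit by legitimate requests,
; and only as far as those requests need.
suhosin.post.max_vars = 1000
suhosin.request.max_vars = 1000
suhosin.post.max_value_length = 1000000
suhosin.request.max_value_length = 1000000

; Phase 2: once the log stays quiet under normal use of every app,
; switch to enforcement.
; suhosin.simulation = Off
```

Exercise each application's heaviest forms (bulk edits, imports, large uploads) while simulation is on, since those are the requests most likely to trip a limit after enforcement is enabled.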