Suhosin Security?

#1
Came across a post on vbulletin forum about suhosin security:

Suhosin is an advanced protection system for PHP installations. It was designed to protect servers and users from known and unknown flaws in PHP applications and the PHP core. Suhosin comes in two independent parts, that can be used separately or in combination. The first part is a small patch against the PHP core, that implements a few low-level protections against bufferoverflows or format string vulnerabilities and the second part is a powerful PHP extension that implements all the other protections.

Unlike our Hardening-Patch Suhosin is binary compatible to normal PHP installation, which means it is compatible to 3rd party binary extension like ZendOptimizer.
""
http://www.hardened-php.net/suhosin.127.html

Has anyone used it?

If yes did it cause any problems with any script and is it actually useful?

Would love to hear what the tech guys from knownhost think about this.
 
#2
I do.

Sometimes it prevents editing, like in WHMCS of tlds, etc., so you can either use phpmyadmin or comment it out in the ini file and then re-enable if it causes problems.
 

Dan

Moderator
#3
Hello Yogesh,

I've been using it for years and have only ever seen one valid thing get stopped by it. Course everyone's got different apps and expectations so your mileage may vary.

You can build it in using Easyapache in WHM.
 
Top