Questions tagged [suhosin]

Suhosin is an advanced protection system for PHP installations. It was designed to protect servers and users from known and unknown flaws in PHP applications and the PHP core.

Suhosin comes in two independent parts that can be used separately or in combination.
The first part is a small patch against the PHP core that implements a few low-level protections against buffer overflows and format string vulnerabilities. The second part is a powerful PHP extension that implements all the other protections.

Unlike the PHP Hardening-Patch, Suhosin is binary compatible with a normal PHP installation, which means it is compatible with third-party binary extensions such as ZendOptimizer.

67 questions
31 votes, 8 answers

How secure is PHP?

I am somewhat new to PHP coding and I am aware that malicious users can hack a website if you have not sanitized your PHP code. What I am wondering is whether they need a data entry box (like for file submissions, or user-name/password entry…
slimbo
24 votes, 3 answers

Is php 5.4 safe without Suhosin?

I'm currently working on developing a PHP CMF which will eventually be commercially available and I want to use traits. The problem however is that traits are a PHP 5.4 feature and apparently the popular Suhosin security patch isn't compatible with…
Evan Byrne
17 votes, 4 answers

How to check whether Suhosin is installed?

I'm not familiar with Suhosin (never used it) but if possible I need to check using PHP whether it is installed. This is for part of an installer that I'm writing. Thanks.
Mike
14 votes, 3 answers

Does PHP set memory limits on arrays?

I have a weird memory problem in PHP. I think something is only allowing an array to be a maximum of 0.25M. It appears the script is only using up to around 6M before it crashes. Here's the output from xdebug: Here's the function it is calling. The…
Westwick
13 votes, 3 answers

Why isn't Suhosin part of the PHP core?

It seems Suhosin patches and extends the PHP core as a means to protect users from flaws in the core. It also seems some smart people are using this system. Since it appears to be a good thing, I'm curious as to why it's not part of the PHP core to…
fuentesjr
12 votes, 1 answer

'php pyrus.phar' won't get executed

I use PHP 5.3 on Debian and according to php -m 'Phar' is loaded. But executing php pyrus.phar or php pyrus.phar config-show leads to no output at all. What might be the problem? debian:~# php -v PHP 5.3.5-1 with Suhosin-Patch (cli) (built: Feb 19…
Raffael
9 votes, 7 answers

Security with PHP Sessions

I know this has been asked billions of times, but I'm super paranoid/OCD about the security of my coding. I'm working on a little project. The session data will only contain: user_id 1 user_name MyUsername logged_in true csrf_token…
user1453094
8 votes, 2 answers

lots of request variable name length errors in suhosin

I got a lot of suhosin errors in my /var/log/messages Dec 22 06:28:12 server suhosin[4637]: ALERT - configured request variable name length limit exceeded - dropped variable…
iLinux85
8 votes, 3 answers

Decrypting and Reading Suhosin Session Data

I just noticed that my host started using Suhosin Hardening. I'm not quite familiar with this and am having major issues with my application, mainly in sessions. The session is now being stored in the following…
Zubair1
8 votes, 2 answers

Is my site being attacked? Suhosin simulation, very strange activity in IP Log

I will preface this question by saying I am NOT a web developer, nor do I have much knowledge in this field. I am a business owner and have a low volume website that my customers purchase products on. I've noticed this set of queries a few minutes…
user3100907
7 votes, 2 answers

CakePHP Cookies getting scrambled - Suhosin related

For some reason I am unable to read any cookies from my CakePHP app on any page after they have been set, the only thing that is returned is garbled text. My code is as simple as this: $this->Cookie->write('Region', 'test'); $reg =…
Dunhamzzz
5 votes, 1 answer

Why doesn't suhosin.executor.disable_emodifier work?

I'm running PHP5.6 on ubuntu12.04 as apache 2.4 module. Suhosin is installed from sources. Suhosin is enabled and I can see it in phpinfo() function output. I have these lines in the suhosin.ini: suhosin.executor.disable_eval =…
Konstantin Bodnia
5 votes, 5 answers

Symfony2 set up

I'm trying to set up sample Symfony2 project as shown here http://symfony.com/doc/current/quick_tour/the_big_picture.html and after accessing config.php I have this: Major problems have been detected and must be fixed before continuing: Add "phar"…
Herokiller
4 votes, 1 answer

Workaround for suhosin.mt_srand.ignore to consistently shuffle an array in PHP?

I have a PHP script which needs to randomise an array with consistent results, so it can present the first few items to the user and they can then pull in more results from the same shuffled set if they want to. What I'm currently using is this…
alexz
4 votes, 1 answer

json_encode - PHP gives uncomplete json string

First my setting: PHP 5.3.2 - with Suhosin and xCache, lighttpd/1.4.26. My code is too much to post here. I will describe it. File x.php is loading some PHP classes, init them, executes some functions -> getting a result array. If I print_r…
MnomrAKostelAni