Questions tagged [suhosin]

Suhosin is an advanced protection system for PHP installations. It was designed to protect servers and users from known and unknown flaws in PHP applications and the PHP core.

Suhosin comes in two independent parts that can be used separately or in combination.
The first part is a small patch against the PHP core that implements a few low-level protections against buffer overflows or format string vulnerabilities. The second part is a powerful PHP extension that implements all the other protections.

Unlike the PHP Hardening-Patch, Suhosin is binary compatible with a normal PHP installation, which means it is compatible with third-party binary extensions like ZendOptimizer.

67 questions
3 votes, 3 answers

PHP 5.3, Suhosin and UTF-8

I'm struggling to find a solution to keep using the Suhosin patch and make it work with UTF-8 form submissions. This is the very simple test I made:
zekus
3 votes, 2 answers

php suhosin alerts

I use suhosin. I get the following alerts. ALERT-SIMULATION - tried to register forbidden variable '_REQUEST' through GET variables (attacker ALERT-SIMULATION - tried to register forbidden variable '_REQUEST[option]' through GET variables…
chnet
3 votes, 1 answer

PHP increase memory_limit above 128M

I am running a Debian Squeeze with standard Apache and PHP, installed via aptitude. Now I try to run : Result: 128M 128M What I have…
user2554863
3 votes, 3 answers

How to override suhosin max value?

An important GET param is being filtered by suhosin. How do I override suhosin when the following does not work? public_html/php.ini : [suhosin] suhosin.get.max_value_length = 2048 Sets suhosin.get.max_value_length among others to NULL and crashes…
tim
3 votes, 1 answer

How do I set suhosin.request.max_* with .htaccess? Only suhosin.post.max_* work

I've set suhosin.perdir = 'p' in my ini file. I would now like to change suhosin ini settings on a per-folder basis. The following all work (running phpinfo() inside the desired folder shows the changed values): php_value…
mitai
2 votes, 1 answer

access-control-allow-origin not working

I'm integrating the API system into my website, however I got this message from Google Chrome's console: XMLHttpRequest cannot load https://api.mysocialsync.com/. Origin https://www.mysocialsync.com is not allowed by Access-Control-Allow-Origin. Now…
xorinzor
2 votes, 1 answer

Suhosin rule violation (340006 and 340007)

Can anybody tell me what these rule violations mean? Or at least point me to a useful resource. An app I wrote was working perfectly until yesterday. On further investigation I got the following from the hosting company. I have seen the offending…
Thilo
2 votes, 2 answers

Do I need the Suhosin security patch on a VPS?

I have a VPS with Linode and the out-of-the-box Ubuntu server setup comes with the Suhosin PHP security patch. The annoying problem is that it's affecting a few things, namely CakePHP session/cookies and a couple of side effects with phpMyAdmin. As…
Dunhamzzz
2 votes, 2 answers

suhosin patch or extension and zend optimizer

I have been wondering about the difference between Suhosin Patch and Extension? For example which one of them I should install with PHP 5.2.17 with Xcache 1.3.1 and Zend Optimizer 3.3.0.a? Should it be Suhosin Extension 0.9.32.1? Is Patch version…
Namesniper
2 votes, 1 answer

Disable PHP eval in Virtualhost per location

I have successfully installed suhosin in my server and I'm blocking the devil PHP eval function on some virtualhosts with this configuration: #SUHOSIN …
Azurlake
2 votes, 3 answers

suhosin alternative

Are there any alternatives available for suhosin? Or any recent tools like it? I use eaccelerator and I heard that suhosin can't get along with it.
user372993
2 votes, 1 answer

How to secure CentOS with PHP7 server without suhosin?

I would like to port my system from PHP 5.6.17 to 7.0.2. As operating system we use CentOS Linux release 7.2.1511. I found no compatible suhosin (security https://suhosin.org/stories/index.html) extension for my system. Recent state of suhosin…
Gizzmo
2 votes, 4 answers

PHP SimpleXML, CodeIgniter and Apache with Suhosin

I have an application I am writing in PHP5, using the CodeIgniter framework. I have it running on both Windows (using Xampp) and Ubuntu (using standard Apache, PHP, MySQL stack). I have a form, that takes XML, parses it (using simpleXML) and posts…
Mark Unwin
2 votes, 2 answers

Suhosin and disable eval

I have installed Suhosin on my dedicated CentOS server. I have about 80 accounts on it, most of them running Joomla or Wordpress sites. Some of them are outdated and sitting ducks when it comes to hacking and injection of eval code. I would like to…
Manos Krokos
2 votes, 1 answer

MySQL: Allow for PHP code and SQL statements to be submitted by form

Here's my situation: I have a website built with CakePHP and MySQL. My website has a public forum where members can post code samples. Some of these code samples are going to include PHP and MySQL code. I understand that this is probably a dangerous…
Jackson