Questions tagged [suhosin]

Suhosin is an advanced protection system for PHP installations. It was designed to protect servers and users from known and unknown flaws in PHP applications and the PHP core.

Suhosin comes in two independent parts that can be used separately or in combination.
The first part is a small patch against the PHP core that implements a few low-level protections against buffer overflows or format string vulnerabilities; the second part is a powerful PHP extension that implements all the other protections.

Unlike the PHP Hardening-Patch, Suhosin is binary compatible with a normal PHP installation, which means it is compatible with third-party binary extensions such as ZendOptimizer.

67 questions

2 votes, 2 answers

php session encryption

I'd like to have session data encrypted like it is in suhosin; is there any library out there providing that?
Paul

2 votes, 2 answers

How to share sessions between two sites when suhosin is enabled?

Recently our client migrated to a server with suhosin enabled. Till then we were using session sharing to switch between wp and our custom cms. Now the session details are saved in the DB after encryption. After pulling out our hair for one day we found…
Mic

2 votes, 1 answer

Suhosin for Windows

I was wondering if it is possible to install Suhosin for php without completely recompiling the php library. I've looked around a lot and all I was able to find are resources for Linux and other Windows alternatives. I did stumble upon one resource…
icomrade

1 vote, 2 answers

How can my php script tell if suhosin changed request variables?

I've been testing security for some php scripts and have found that, among other things, suhosin strips away a posted variable that is huge... this is fine and desirable, but I'd like for my script to be able to tell that suhosin changed the…
dlo

1 vote, 1 answer

suhosin encryption bug when reloading apache2 configuration

I have an Apache2 server installed running with php and suhosin. The php sessions are handled with Zend_Session and stored in a database. Suhosin is configured to encrypt session data before saving it to the database. While apache2 is running after…
Alexandre GUIDET

1 vote, 2 answers

Can't upload 5mb file using AJAX file uploader

I am using the file uploader plugin (from: https://github.com/valums/file-uploader) to upload files to my website. If you are using a modern web browser (like Firefox 6 or Chrome 13), then it uploads by streaming the file in the POST body, and can…
gen_Eric

1 vote, 0 answers

String with more than 513 signs doesn't appear in $_GET

Possible Duplicate: Query variable can be no longer than 512 characters I have switched from PHP 5.2 to "PHP 5.3.3-7 with Suhosin-Patch (cli) (built: Jan 5 2011 10:36:05)" and have a very, very strange problem. When I have a URL for example:…
Nik

1 vote, 3 answers

PHP: out of memory error, what to do?

I am receiving this error when I'm trying to crop an image I just uploaded. The image I just uploaded is around 3MB. Here's the error
Fatal error: Out of memory (allocated 45088768) (tried to allocate 15552 bytes)
And its…
Johnson

1 vote, 1 answer

Query variable can be no longer than 512 characters

I'm struggling to read query variables that contain more than 512 characters in the $_GET array. If I parse the query string using parse_string, however, I can read it just fine from the resulting array. Example: # GET /test.php?foo=
Johannes Gorset

1 vote, 2 answers

PHP APC uploads are never marked as complete

I have a LAMP setup running PHP 5.2.6-1 with the Suhosin Patch (0.9.6.2) and Zend (2.2.0) with APC enabled for use with a file upload script using an ajax call to get the status and generate a progress bar. Everything appears to be working, the file…
Clorith

1 vote, 0 answers

suhosin class method whitelist

I'm hardening an nginx webserver. I'm using suhosin to harden the php language, but in simulation mode it complains about the addserver() method of the Memcache class even if I added it to suhosin.executor.func.whitelist. The log reports: 2016/03/25 22:50:15…

1 vote, 1 answer

Load extension automatically in PHP5 ubuntu

I'm pretty new to PHP. I learned it at college 10 years ago, and now must face this programming language again. I have worked as a PHP programmer for 1 month. :) The current situation is: there is a server available with this specification: Apache/2.2.11 (Ubuntu)…
bayuforest

1 vote, 1 answer

PHP modify suhosin settings on runtime

Is it possible to modify Suhosin settings on runtime execution? I'm asking because PHPUnit uses some features that are disabled by Suhosin (like vfs protocol and eval for mocking) and I'd like to modify those settings in my test bootstrap...
Tomasz Kapłoński

1 vote, 0 answers

What suhosin patch works with php 5.3.28?

I'm running PHP 5.3.28 on my openvz VPS and want to recompile my PHP with Suhosin. But it seems suhosin has not released any patch for my PHP version. Should I use the 5.3.2 suhosin patch instead? Any help will be appreciated
KarenV

1 vote, 1 answer

How to write my own mt_rand() & mt_srand?

I have an application that makes heavy use of mt_rand & mt_srand. The problem is that many host providers are enabling, by default, the suhosin.mt_srand.ignore, which causes my application not to work properly, because the seeding doesn't…
Alon Dor