Grokbase
Topics Posts Groups | in
x
[ help ]

Re: Hardened PHP? Suhosin patch?

View PostFlat  Thread  Threaded | < Prev - Next >
Johnny Hughes Re: [CentOS] Hardened PHP? Suhosin patch?
| +1 vote
[ Profile | Reply to group ] [ Flat  Thread  Threaded ]
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--==============23820914=Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature";
boundary="------------enig3EF43F7BDBD0E3903E602C08"

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig3EF43F7BDBD0E3903E602C08
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: quoted-printable

Niki Kovacs wrote:
> Hi,
>
> I'm running a few PHP-based apps on our server (PMB, SPIP, Joomla,
> PHPMyAdmin), and I'm not always comforted about security. I don't know
> the details, but many a security expert frowns when it comes to PHP.
>
> Now I just stumbled over this:
>
> http://www.hardened-php.net/suhosin.127.html
>
> Has anyone already tried this out? An opinion about it? Is it worth it?
>
> Since I have to rebuild PHP anyway (because I need some specific modules
> that can only be obtained by rebuilding it), it wouldn't be much of a
> hassle. But I'm curious about the experts' opinion here.
>

http://www.hughesjr.com/content/view/21/1/

That explains how to install in centos-4 and centos-5.

Thanks,
Johnny Hughes


--------------enig3EF43F7BDBD0E3903E602C08
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHtcXJTKkMgmrBY7MRAlHkAJ9YAZNvZy6yn+XnsoPXh7PSb6seQQCeKqpK
WYOx0MmVD1KdfIZof+zCcVM=IhQL
-----END PGP SIGNATURE-----

--------------enig3EF43F7BDBD0E3903E602C08--

--==============23820914=Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
CentOS mailing list
[email protected: C...@centos.org]
http://lists.centos.org/mailman/listinfo/centos

--==============23820914==--

Thread : Hardened PHP? Suhosin patch?
1)
Niki Kovacs Hi, I'm running a few PHP-based apps on our server (PMB, SPIP, Joomla, PHPMyAdmin), and I'm not...
2)
Michael A. Peters I use it. I think it is worth it - but don't use it as a substitute for proper coding.
3)
Johnny Hughes This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --==============23820914=Content-Type:...
4)
Niki Kovacs Johnny Hughes a écrit : Thanks for the link. And thanks for a few interesting reads along the line....
5)
Michael A. Peters You may already understand this - but note that the patch to php is one different than the module....
6)
Johnny Hughes This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --==============77929410=Content-Type:...
7)
Kai Schaetzl Niki Kovacs wrote on Fri, 15 Feb 2008 13:17:20 +0100: Start running it in logging-only mode or it...
spacer
View PostFlat  Thread  Threaded | < Prev - Next >
Home > Groups > CentOS > Hardened PHP? Suhosin patch? (7 posts) > View Post
Grokbase | Groups | Tags | People | Add a group | FAQ | About

Provide feedback | del.icio.us | Credits | Created by John