Hardened PHP: Suhosin

Suhosin (Korean for "guardian angel", according to Wikipedia) is a set of patches to the PHP source code that make the task of hacking your server by exploiting PHP that much harder. It's not an official PHP project, and so cannot be relied upon to be as stable as the core PHP release, however it is just a set of minor patches and so isn't likely to affect stability at all. If you installed PHP as part of a package, you might find that Suhosin ships as standard.

Does it make PHP more secure? That's hard to say: very few people have been hit by PHP exploits in its existence, so most of us don't really have a reason to switch to the hardened release.


Next chapter: Summary >>

Previous chapter: Changing block cipher mode

Jump to:


Home: Table of Contents

Copyright ©2015 Paul Hudson. Follow me: @twostraws.