IT_Architect
Verified User
- Joined
- Feb 27, 2006
- Messages
- 1,094
Reflecting on the vulnerabilities of PHP, I'm of the opinion that server security, let alone app security, is not practically attainable on servers running PHP without Suhosin. Suhosin is needed for both CLI and CGI implementations. Suhosin is highly effective with minimal impact on hosted applications. That rare combination allows it to be commonly deployed, perhaps even the default. Suhosin is the default for ports PHP installs. The Suhosin patch and extension have been required for several years, and similar protection does not appear to be forthcoming from the PHP developer team to resolve these security issues.
I would like to see the patch and the extension as individual options since they each solve different security issues, both are not always required, and each has a different impact on compatibility and maintainability. If this cannot be easily incorporated into DirectAdmin installs in the near term, then due to the critical nature of the problem, a "HOW TO" to manually incorporate and maintain during DirectAdmin services updates would be welcome. At some point you would need that information to incorporate it into DirectAdmin anyway.
Thank you for your consideration.