  1. #1

    Suhosin or not to suhosin?

    Hello,

    I've seen that some hosts use it, but others don't. I really haven't found mixed reviews about it and if Suhosin is really necessary for PHP... I have enabled it, but I've noticed that some scripts have conflicts with it... it is a cPanel system.

    Do you suggest I disable it? Does it make any difference with PHP? And how do I disable it?

    Thanks in advance

  2. #2
    Join Date
    Mar 2003
    Location
    WebHostingTalk
    Posts
    16,968
    Moved > Hosting Security and Technology.
    Specially 4 You
    .
    JoneSolutions.Com ( Jones.Solutions ) is on the net 24/7 providing stable and reliable web hosting solutions and services since 2001

  3. #3
    Join Date
    May 2009
    Location
    On a Speck!!!!!
    Posts
    216
    Suhosin is an advanced security mechanism in PHP. It can be disabled by adding the following in your php.ini

    ---------
    suhosin.simulation = On
    ---------

    If you want to block it on a per-account basis, add this entry to the .htaccess file of the specific domain.

    ----------
    php_flag suhosin.simulation On
    ----------

    But I think this won't work if you have enabled suPHP.

    It will certainly make a difference, as it may block certain PHP scripts which it may find unsafe.
    Regards,
    Tom.

    Freelance System Administrator

  4. #4
    Join Date
    Mar 2009
    Posts
    3,807
    I don't see why it's a bad thing to turn it on, I haven't seen anything break except for exploit-riddled terribly done "my first PHP script" scripts.

  5. #5
    Join Date
    May 2009
    Location
    On a Speck!!!!!
    Posts
    216
    It doesn't mean that suhosin is not running in the server. Suhosin is supposed to work "out of the box" without any configuration changes. This is to activate simulation mode. This reports security issues, but does not block any activity.
    Regards,
    Tom.

    Freelance System Administrator

  6. #6
    Join Date
    May 2003
    Posts
    1,664
    I haven't seen it break anything worth running, to be honest. The only problems I have seen were with very poorly written scripts, and to be honest I don't want those running as they are usually riddled with holes. I would rather lock a server down and then open only what is necessary, so I recommend it.

  7. #7
    Join Date
    Mar 2003
    Location
    Saint Paul, MN
    Posts
    826
    Well, on the default settings it breaks...Squirrelmail...which is kind of a bummer. You can work around it as Thomas mentions above, but I figured I'd mention it's not just "my first PHP script" stuff.

    We still use it, though. One of those things where the benefits outweigh the costs, IMO. Especially the SQL injection/XSS protection...
    redpin.com - offering amazingly competent email, dns, and web hosting since 2002... because someone has to!
    Because Simple Things Should Be Simple - YouCANHasDNS
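
Added example (not from any poster in this thread): a Python script that tallies the alerts Suhosin logs while simulation mode is on, grouped by script and rule, so you can see what would break before enforcing. It assumes alerts reach a syslog file in the `suhosin[pid]: ALERT-SIMULATION - message (attacker '...', file '...')` layout; the sample lines, paths and addresses are constructed.

```python
import re
from collections import Counter

# Assumed Suhosin alert layout; simulation mode tags lines ALERT-SIMULATION,
# enforcing mode tags them ALERT.
ALERT_RE = re.compile(
    r"suhosin\[\d+\]: (?P<tag>ALERT(?:-SIMULATION)?) - (?P<msg>.*?) "
    r"\(attacker '(?P<ip>[^']*)', file '(?P<file>[^']*)'"
)

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = """\
Jan 10 10:00:01 web1 suhosin[2211]: ALERT-SIMULATION - configured POST variable limit exceeded - dropped variable 'msg[1001]' (attacker '192.0.2.10', file '/home/demo/public_html/webmail/compose.php')
Jan 10 10:02:17 web1 suhosin[2214]: ALERT-SIMULATION - configured POST variable limit exceeded - dropped variable 'msg[1001]' (attacker '192.0.2.11', file '/home/demo/public_html/webmail/compose.php')
Jan 10 10:05:40 web1 suhosin[2230]: ALERT-SIMULATION - configured request variable name length limit exceeded - dropped variable 'a_very_long_field_name' (attacker '192.0.2.12', file '/home/demo/public_html/form.php')
Jan 10 10:06:02 web1 sshd[901]: Accepted publickey for admin from 192.0.2.50
Jan 10 10:09:13 web1 suhosin[2290]: ALERT - ASCII-NUL chars not allowed within request variables - dropped variable 'page' (attacker '198.51.100.7', file '/home/other/public_html/index.php')
"""


def summarize(log_text):
    """Return (would_block, blocked): Counters keyed by (script, rule)."""
    would_block, blocked = Counter(), Counter()
    for line in log_text.splitlines():
        m = ALERT_RE.search(line)
        if not m:
            continue  # not a Suhosin alert line
        # Drop the per-request detail so hits on the same rule group together.
        rule = m["msg"].split(" - ")[0]
        target = would_block if m["tag"] == "ALERT-SIMULATION" else blocked
        target[(m["file"], rule)] += 1
    return would_block, blocked


def report(log_text):
    """Format one line per (script, rule), simulated hits first."""
    would_block, blocked = summarize(log_text)
    lines = []
    for label, counts in (("would-block", would_block), ("blocked", blocked)):
        for (script, rule), n in counts.most_common():
            lines.append(f"{n:4d} {label:11s} {script}: {rule}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

Scripts that show up only under would-block are the ones to review, and adjust limits for, before switching simulation mode back off.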
