Use Suhosin to Enhance PHP script language Security

Use Suhosin to enhance the security of the PHP script language, and use Suhosin to enhance the security of the PHP script language. PHP is a very popular website script language, but its inherent security is very weak. This article describes the PHP Enhancement Program (Hardened-PHPproject) and the new Suhosi program. Suhosin provides enhanced PHP security configuration. PHP comes with "> <L

PHP is a very popular website scripting language, but its inherent security is very weak. This article describes the PHP Enhancement Program (Hardened-PHP project) and the new Suhosi program. Suhosin provides enhanced PHP security configuration.

PHP is a controversial but most popular website scripting language. It is popular because of its low price. However, this low price has led to the increasing number of website applications written in PHP, and the increasing security vulnerabilities of PHP, this security feature shows that PHP is extremely unreliable, but at the same time it is very flexible for the script language itself, it can be used to easily implement code, however, these codes are bloated and insecure. Even so, they still have a lot of users. You can assume, based on the actual situation, that various applications are vulnerable to attacks such as SQL injection, cross-site scripting, and arbitrary execution of commands.

Because built-in PHP security measures such as safe_mode and open_basedir will be ignored, PHP created by the PHP enhancement program is more secure and PHP verification is also checked. Initially, these are completed by enhanced PHP patches that need to be patched and re-compiled by PHP itself. Recently, the PHP Enhancement Program released a new project named Suhosin.

Sohosin consists of two parts: the first part is the PHP patch, which reinforces the Zend Engine itself to avoid buffer overflow or related vulnerabilities. The second part is the extension of Suhosin, which is an independent use Module of PHP. The two parts can work together, or the extension part can work independently.

Developers do not want to maintain their own PHP installation settings for security purposes. of course, they prefer to directly use PHP on the Linux distribution system provided by the vendor, the extended modules provide more security features that PHP cannot possess.

The extension module is easy to install. It can also be installed through PECL, or compiled and installed after being downloaded:

$ Tar xvzf suhosin-0.9.17

$ Suhosin-0.9.17 cd

$ Phpize

$./Configure

$ Make

$ Sudo make install

To use suhosin, add/etc/php. ini as follows:

Extension = suhosin. so

For most people, the default configuration options are enough. To enhance the settings, you can add corresponding values in/etc/php. ini. The website details various configuration options, which can help you initialize the configuration.

With Suhosin, you can get some error logs. you can store these logs in system logs and write them to any other log files at the same time; it can also create blacklists and whitelists for each virtual master machine. it can filter GET and POST requests, file uploads, and cookies. You can also transmit encrypted sessions and cookies, and set the storage online that cannot be transferred. Unlike the original PHP Reinforcement patch, Suhosin can be compatible with third-party extension software such as Zend Optimizer.