Suhosin
Suhosin is an advanced protection system for [[PHP]] installations. It was designed to protect servers and users from known and unknown flaws in PHP applications and the PHP core itself. Suhosin comes from the Korean word meaning "guardian-angel." It was developed by Stefan Esser, a well-known expert in PHP security.
Suhosin implements several security enhancements and protections to safeguard against potential vulnerabilities in PHP applications. These include protections against [[buffer overflows]], [[Format String Vulnerabilities]], and other low-level attacks.
Suhosin adds advanced protection for global, request, and other variables by enforcing limits and ensuring that potentially harmful data is not passed into the application. It can transparently encrypt client-side [[cookies]] to protect sensitive data.
Suhosin provides detailed logging of potential security issues, which is crucial for identifying and responding to attacks. It offers extensive configuration options, allowing system administrators to adjust the security settings according to their specific requirements.
Suhosin consists of two parts: a patch for the PHP core and a PHP extension. The patch adds low-level protections to the PHP engine, while the extension implements additional protections that can be configured at runtime. It can be fine-tuned through a variety of configuration options set in the php.ini
file, allowing administrators to enable or disable different features based on their security needs.
Suhosin is mainly used by server administrators and is particularly beneficial for shared hosting environments where users may run untrusted PHP code. While Suhosin adds an extra layer of security, it's important to ensure that it's compatible with all PHP applications running on the server, as its restrictions might cause issues with some applications.