Which version of PHP is safe without Suhosin?

PHP 5.4 is generally regarded to be reasonably safe without Suhosin involved. Going forward, so long as your application supports it, you will be better off with a newer (5.4+) version of PHP, rather than an older version with the Suhosin patch. Show activity on this post.

Should I use Suhosin or PHP interpreter?

I would recommend to use Suhosin. If you "trust" your code, you can't trust PHP, though. There are a lot of vulnerabilities found in past in interpreter itself and it is believed that they won't so simply disappear one day. Suhosin protects you from more "low-level" vulnerabilities like buffer overflows and etc.

PHP is as secure as anything. But not by default, it relies on the skills of the programmer. Unlike .NET which tends to help out with security by default. Includes are safe just be careful if the paths are being dyanmically generated. The below is harmless (depending on the code in myfile.php)

What's the difference between Suhosin and PHP?

Some of the changes which Suhosin made were eventually rolled into PHP. For instance, Suhosin's various layers of protection against null bytes in inputs were made unnecessary by PHP 5.3.4, which made null bytes in filenames always throw an error (rather than silently truncating the filename at the null byte).

Is php 5.4 safe without Suhosin?

Tags:

I'm currently working on developing a PHP CMF which will eventually be commercially available and I want to use traits. The problem however is that traits are a PHP 5.4 feature and apparently the popular Suhosin security patch isn't compatible with PHP 5.4.

So my question is this: is it safe to run a PHP website without the Suhosin security patch? If not, what vulnerabilities would I be leaving myself and other people using my CMF open to?

Note: I'm not concerned about shared hosting. It's expected that anyone using my CMF would have administrative control over their web server.

Related questions
                            
                                jQuery to submit form to new tab?
                            
                                java math library for BigDecimal which allows null values
                            
                                Adjusting UICollectionView scroll speed/sensitivity
                            
                                Getting raw HTTP Data (Headers, Cookies, etc) in Google Cloud Endpoints
                            
                                Does ldd also show dependencies of dependencies?
                            
                                How to get foreign repository inside my repository in Doctrine2/Symfony2?
                            
                                Configure Apache .conf for Alias [closed]
                            
                                Meteor use fetch or find in template helper functions?
                            
                                how to remove active record object from array
                            
                                How to set the theme for DialogFragment
                            
                                Phantomjs - take screenshot of a web page
                            
                                ruby on rails ails with couldn't find file 'jquery.ui.all'

Is php 5.4 safe without Suhosin?

Tags:

Recent Activity

Donate For Us