Slashdot Mirror


Hardened PHP

Frank Kreuzbach writes "Yesterday the Hardened-PHP Project announced its existence on the PHP-general mailing list. It is the first public patch for PHP which adds security hardening features. It is meant as a proactive approach to protect servers against known and unknown weaknesses within PHP scripts or the engine itself. It enforces restrictions on include statements, adds canary protection to allocated memory and other internal structures and protects against internal format string vulnerabilities. It has syslog support and logs every attack together with the originating IP."

9 of 187 comments

  1. Oops by Doomrat · · Score: 3, Funny

    I like how this story is positioned just above the one about WinZip's poor security.

  2. Is your PHP hardened? by Anonymous Coward · · Score: 2, Funny

    Or are you just glad to see me?

  3. Phew! by Dark Lord Seth · · Score: 4, Funny

    > adds canary protection

    Is that protection against canaries? Protection with Japanese kung-fu canaries? Or protection for canaries? I mean, the kung-fu canaries have potential...

    1. Re:Phew! by Anonymous Coward · · Score: 1, Funny

      > You wouldn't want any unfortunate 'accidents' to
      > happen to the little guy.
      >
      > -- a concerned Hawk and 'Legitimate Businessman'

      Suffering suckatash. No-one would pay a mafia hawk to guard a canary.

      You need someone objective. I'd be willing to do it for free.

      -- Sylvester the Cat

    2. Re:Phew! by Anonymous Coward · · Score: 4, Funny

      I keep a canary in my bathroom for that very reason.

  4. Soft PHP by aenters · · Score: 0, Funny

    It better not ever encourage Safe Mode as a security feature. I prefer running in Dangerous Mode.

    --
    where flamebait is +5 funny and funny stuff is -1 flamebait

  5. Re:Already in use by Tablizer · · Score: 3, Funny

    > porn site....server starts to get worn out after a while, after being particularly abused by a day's peak traffic.

    Dontcha mean "peek" traffic :-)

  6. Re:Already in use by kensai · · Score: 3, Funny

    So do you use Fluffer PHP as an addon to Hardened PHP in the porn industry?

  7. Umm.. by jvollmer · · Score: 2, Funny

    Wouldn't that make it HPHP?

    If it's not Consolidated Lint, it's just fuzz!