Slashdot Mirror


Hardened PHP

Frank Kreuzbach writes "Yesterday the Hardened-PHP Project announced its existence on the PHP-general mailing list. It is the first public patch for PHP which adds security hardening features. It is meant as a proactive approach to protect servers against known and unknown weaknesses within PHP scripts or the engine itself. It enforces restrictions on include statements, adds canary protection to allocated memory and other internal structures and protects against internal format string vulnerabilities. It has syslog support and logs every attack together with the originating IP."

8 of 187 comments

  1. Step One by Anonymous Coward · Score: -1, Offtopic

    Don't use WinZip encryption...

  2. This will go great with by Anonymous Coward · Score: -1, Offtopic

    Hardened Gentoo, which I must say was an absolute breeze to set up. Selected a few kernel options, added the right USE flag, and bam.

  3. Anyone else giggling? by Anonymous Coward · Score: -1, Offtopic

    I do some development and site administration work for a high traffic porn site, and I can tell you that we've been using Hardened PHP since before the project announcement (I'm friends with one of the developers). It works OK so far, but the server starts to get worn out after a while, after being particularly abused by a day's peak traffic.

    1. Re:Anyone else giggling? by kunudo · Score: 0, Offtopic

      Nope.

  4. Re:Already in use by Anonymous Coward · Score: -1, Offtopic

    If there's anything as enjoyable as pushing out a nice healthy turd, I'm sure I don't know what it is!

  5. Re:Already in use by Espectr0 · Score: 0, Offtopic

    do some development and site administration work for a high traffic porn site, and I can tell you that we've been using Hardened PHP

    I can see it now. Hardened PHP is the new "manly-patch" for 2004. Gets you "hard"!

  6. Hey honey! Wanna see my new PHP? by Anonymous Coward · Score: -1, Offtopic

    It's hardened.

  7. Re:I dont get this by Lord Bitman · Score: 0, Offtopic

    somebody isn't a programmer :)

    --
    -- 'The' Lord and Master Bitman On High, Master Of All