Well I do not use suhosin as I can lock down PHP with things like disable_function, disable_classes along with more advance function such as chroot and mod_security. On 8/3/13, Nick Edwards <nick.z.edwards@xxxxxxxxx> wrote: > Ok, so I know this might start flame wars, but... here goes ;) > > It seems suhosin is dead as far as 5.4 goes, now, some make > allegations that it is no longer needed since php has allegedly > incorporated much of its safe guards, but these claims are from self > proclaimed experts (a term i use very loosley) on forums and blogs. > > So, is the general opinion here, from actual "factual experience" and > not because you read the same trashy bloggers as I did, in agreeance? > is it genuinely true that suhosin is now irrelevant with 5.4 upwards > and php is now much safer on its own? > > We have always appreciated its work to stop plugins and so forth > escaping local jails by example open_base or some other lock-down > type setting, plus injections and so forth. > > if php has incorporated such, thats fine, but I have no idea where to > turn to ask for factual information on this, so I'm asking here and > hope that a dev or someone in the inner circle knows the facts, and > not rumours or sumizes, or a tleast more facts than half the self > appointed gurus claim :) > > Thanks > Nikki > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > -- Regards, Daniel Fenn -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
