[Dailydave] Bouncing with PHP
Jeremy Kelley
jeremy at austin.ibm.com
Tue May 20 18:48:40 EDT 2008
Suhosin helps immensely by the simple fact that it disables remote file
inclusions. That one feature alone would have stopped about 90% (made
up statistic, don't know...) of the php app attacks from the last couple
of years and before declare_globals was defaulted off.
-j
Quoting John Dangler (jdangler at terremark.com):
> How does Suhosin affect the odds in a PHP5 web application?
--
Jeremy Kelley <jeremy at austin.ibm.com> Sr. Threat Analyst
gpg 1024D/E0DF8B2D 4BC3 B8B5 5B42 CC8E B6A9 2E85 32D3 C51C E0DF 8B2D
That's the problem with science. You've got a bunch of empiricists
trying to describe things of unimaginable wonder. -Bill Watterson
More information about the Dailydave
mailing list