Suhosin patch or extension, and Zend Optimizer

Posted on 2024-10-16 01:30:11


I have been wondering about the difference between Suhosin Patch and Extension?
For example, which one of them should I install with PHP 5.2.17 with Xcache 1.3.1 and Zend Optimizer 3.3.0.a?
Should it be Suhosin Extension 0.9.32.1?
Is the Patch version PHP-version specific: Suhosin Patch 0.9.10 for PHP 5.3.4/5.3.3 and Suhosin Patch 0.9.7 in my case for PHP 5.2.17?

I also couldn't understand the clear difference between Patch and Extension from a security point of view; how do they differ from each other?


Comments (2)

吃兔兔 2024-10-23 01:30:11


The difference is simple. One (the extension) operates as a normal extension, so it retains compatibility with other extensions. The other (the patch) does not, so it will likely break other 3pd extensions.

Now, one thing to consider is that the patch isn't even released for the most recent versions (the latest patch version is 5.3.4, so you can't use 5.3.5 stable). Now, you could install an older version of PHP to use the patch, but that will expose you to vulnerabilities closed by the core in the latest version. Which IMHO is not worth it.

Now, I would like to make 1 thing absolutely clear. Suhosin (and the other extensions/patches and things such as mod_security) does not actually secure your code. Let me say that again, because it's important: It does not secure your code. What it does is close some commonly used attack vectors and disable some commonly abused internal functions. But it is still absolutely possible to have vulnerabilities in your code.

So, while it may help "shore up" bad code, it will not make any difference with good code. If you spend the time and energy securing your code, the patch and extension are for all practical purposes useless. But it's like a firewall in the sense that every layer is useful as long as it doesn't get in your way too much (especially since it's practically impossible to write 100% secure code).

抹茶夏天i‖ 2024-10-23 01:30:11


Look at: http://www.hardened-php.net/suhosin/a_feature_list.html

The Engine Protection section is only available when using patched PHP source.
