php suhosin 配置
在我对 suhosin 配置进行任何更改之前,
日志记录显示很多警报,
包括变量名长度、值长度、内存限制、ASCIIZ null等。
所以,我所做的就是更改相关的suhosin配置设置。
即增加值长度、内存限制、允许ASCIIZ为空等等。
重置后,警报减少了很多。
然而,有时它仍然有类似的警报,即值长度。
那么,我是否需要进一步增加这些suhosin配置设置呢?
Before I did any change to suhosin configuration,
the logging shows a lot of alerts,
including variable name length, value length, memory_limit, ASCIIZ null and so on.
So, what I do is to change related suhosin configuration setting.
i.e. increase value length, memory_limit, allow ASCIIZ null and so on.
After resetting, the alerts are reduced a lot.
However, it still have similar alerts sometimes, i.e. value length.
So, do I need to further increase these suhosin configuration settings?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
Suhosin 本身是一个非常过时的补丁,4 年多以来一直没有真正进一步开发。
所以我建议不要使用 suhosin 并使用当前的 php 版本。
对于你的问题:
如果您相信此代码不会滥用您允许的内容,那么您可以/必须进一步增加。
但是由于指定的事情引起的安全问题非常罕见(在过去的 6 年里我真的从未听说过一个问题,这可以通过 suhosin 解决。PHP 内部只有一个非常严重的问题)我建议遵循首先我写了。
Suhosin in itself is a very outdated patch which was not really developed further since more than 4 years.
So i suggest, to dont use suhosin and use instead an current php version.
To your Question:
If you trust this code to dont misuse the things you allow it, you can/must increase further.
But as security issues because of the named things are very rare (i really never heard about one in the last 6 years, which would be solved throught suhosin. At all there was only one really serious issue inside of php) i suggest to follow the first i wrote.