From Wikipedia, the free encyclopedia
Jump to: navigation, search

Suhosin (Korean 수호신, meaning guardian-angel) is an open source patch for PHP. "The goal behind Suhosin is to be a safety net that protects servers from insecure PHP coding practices."[1]

Suhosin goes further than that however in allowing the attack surface that PHP adds to a Web Server to be reduced to the users needs through function whitelists and various other easily enabled protections. This may reduce the risk of deploying previously deemed unsafe PHP programs to an acceptable level.

In some Linux distributions, notably Debian in versions up to 6.x ("squeeze"/"oldstable") and Gentoo Linux it was shipped by default. Suhosin has been removed from Debian as of version 7 (wheezy).

It is also activated by default in Mac OS X Server.

As of PHP 5.4, openSUSE has dropped Suhosin patch from the code, but maintains a port of the suhosin extension with own patches.[2]

As of 2013, when PHP 5.5 released, the most current Suhosin version was targeted at PHP 5.3.9. The last news article on the website is of 2007, and there was no activity in the code repository from May 2012 until February 2014; this led some distributions to consider the Suhosin project dead. Patches began to be committed again on February 6th 2014; the next version number planned for release is 0.9.35, which will only target PHP 5.4 and later.[3]

See also[edit]


  1. ^ Chapter 13, Securing PHP Web Applications by Tricia Ballad; William Ballad Publisher: Addison-Wesley Professional, Web ISBN 978-0-321-57431-2
  2. ^
  3. ^

External links[edit]