Suhosin (Korean 수호신, meaning guardian-angel, pronounced 'su-ho-shin') is an open source patch for PHP and also a PHP extension. Patch and extension are two independent parts, that can be used separately or in combination. "The goal behind Suhosin is to be a safety net that protects servers from insecure PHP coding practices."
Suhosin also reduces the "attackable surface" that PHP adds to a Web Server through function whitelists, resource limits, transparent session and cookie encryption, binary content filter, logging and various other protections. This reduces the risk of deploying previously deemed unsafe PHP programs and protects against known and unknown attacks.
Distribution with operating systems
In some Linux distributions, notably Debian in versions up to 6.x ("squeeze"/"oldstable") and Gentoo Linux, it was shipped by default with both patch and extension. Suhosin was removed from Debian as of version 7 (wheezy) but reappeared in the current development branch.
It is activated by default in Mac OS X Server.
FreeBSD 10.1 maintains the Suhosin extension in its ports collection.
As of 2013, when PHP 5.5 released, the most current Suhosin version was targeted at PHP 5.3.9. The last news article on the website is of 2007, and no activity occurred in the code repository from May 2012 until February 2014. This led some distributions to consider the Suhosin project dead. Patches began to be committed again on February 6, 2014; latest version being 0.9.37.1.
- Chapter 13, Securing PHP Web Applications by Tricia Ballad; William Ballad Publisher: Addison-Wesley Professional, Web ISBN 978-0-321-57431-2
- Official Feature List
- Overview of package php5-suhosin in Debian sid
- Mailinglist Archive: opensuse-factory (418 mails)
|This security software article is a stub. You can help Wikipedia by expanding it.|