PHP-suhosin installation
Debian etch installation
The installation of suhosin on Debian etch is really pretty simple. It took me all of 5 minutes or so to have a basic working installation.
First we start by finding the suhosin package for our PHP version:
apt-cache search suhosin
php4-suhosin - advanced protection module for php4
php5-suhosin - advanced protection module for php5
Now install suhosin:
apt-get install php5-suhosin
The suhosin.ini should be located in /etc/php5/conf.d.
Configuration
The basic configuration that ships with suhosin will work out of the box, but I have added a few tweaks.
In the php.ini we add the following:
Enable suhosin
extension=suhosin.so
Disable session encryption (required for most login scripts)
suhosin.session.encrypt = Off
Log all errors to syslog
suhosin.log.syslog=511
Maximum traversal depth, i.e. '../../'
suhosin.executor.include.max_traversal=4
Disable eval
suhosin.executor.disable_eval=On
Disable /e modifier
suhosin.executor.disable_emodifier=On
Disallow newlines in Subject:, To: headers and double newlines in additional headers
suhosin.mail.protect=2
Recommended Settings
Silently fail all failed SQL queries
suhosin.sql.bailout_on_error=On
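To check that a given file really carries the directives listed above, the following sketch compares an ini file against the values set on this page. It is an added example, not part of the original post; the function names and the sample input are made up for illustration, and a ';' inside a quoted value is treated as the start of a comment.

```shell
# Added example (not from the page): compare an ini file with the values the page sets.
ini_get() {  # usage: ini_get FILE KEY -> effective value (last assignment wins)
    awk -v key="$2" '
        { sub(/[ \t]*;.*$/, ""); n = index($0, "="); if (!n) next   # drop ; comments
          k = substr($0, 1, n - 1); v = substr($0, n + 1)
          gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t"]+|[ \t"]+$/, "", v)
          if (k == key) val = v }
        END { print val }' "$1"
}
norm_bool() {  # PHP accepts several boolean spellings; fold them to On/Off
    case "$(printf '%s' "$1" | tr 'A-Z' 'a-z')" in
        1|on|true|yes) echo On ;; 0|off|false|no) echo Off ;; *) echo "$1" ;;
    esac
}

audit_suhosin_ini() {  # prints one line per finding; exit status = finding count
    findings=0
    while read -r key want kind; do
        got=$(ini_get "$1" "$key")
        if [ "$kind" = bool ] && [ -n "$got" ]; then got=$(norm_bool "$got"); fi
        if [ -z "$got" ]; then echo "MISSING $key (page sets $want)"
        elif [ "$got" != "$want" ]; then echo "DIFFERS $key=$got (page sets $want)"
        else continue; fi
        findings=$((findings + 1))
    done <<EOF
suhosin.session.encrypt Off bool
suhosin.log.syslog 511 int
suhosin.executor.include.max_traversal 4 int
suhosin.executor.disable_eval On bool
suhosin.executor.disable_emodifier On bool
suhosin.mail.protect 2 int
suhosin.sql.bailout_on_error On bool
EOF
    return "$findings"
}

sample_ini() {  # constructed sample input, not taken from the page
    cat <<'EOF'
suhosin.session.encrypt = Off
suhosin.log.syslog=511
suhosin.executor.include.max_traversal=4
; suhosin.executor.disable_eval=On
suhosin.executor.disable_emodifier = 1   ; boolean written as 1
suhosin.mail.protect=1
EOF
}

tmp=$(mktemp) && sample_ini > "$tmp"
audit_suhosin_ini "$tmp" || echo "$? finding(s)"; rm -f "$tmp"
```

Point audit_suhosin_ini at the file that holds the directives (php.ini or the suhosin.ini under /etc/php5/conf.d); it inspects that one file only, not PHP's merged runtime configuration.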