Tuesday, April 10, 2012

Suhosin Patch for PHP 5.4

For those who care about Security in PHP must know about Suhosin, made by Stefan Esser (aka i0n1c). It's an advanced protection system for PHP installations which provides better protection by adding patches that never pulled by the PHP developers into their main code. I have been using this project for some time to add protection on my server that i manage.

Ever since PHP released 5.4, the patch is no longer compatible due to some big changes in PHP 5.4, such as the removal of magic quotes and many other features that prone to securities. In one side, this is good news, but in other side, the patch that Suhosin provide is not available for PHP 5.4.

Stefan has said that he's working on Suhosin to be compatible with PHP 5.4, but that would take some time to complete. In fact, he mentioned that it would be completed around April. Let's hope his schedule is not slip.