Re: [us...@httpd] Suhosin vs. mod_security

2010-02-19 Thread Jim Jagielski
Suhosin is PHP specific and operates at that level (at the app level and "protecting" PHP)... mod_security works at a higher level.
On Feb 19, 2010, at 10:25 AM, James Smallacombe wrote:
>
> After a recent php compromise of the www user on my web server via the Zen
> Cart "record company" explo

Re: [us...@httpd] Suhosin vs. mod_security

2010-02-19 Thread Mike Cardwell
On 19/02/2010 15:25, James Smallacombe wrote:
After a recent php compromise of the www user on my web server via the Zen Cart "record company" exploit, I installed the Suhosin extension (patch was already there). Suhosin helped a great deal. It enabled me to block certain php functions globally

[us...@httpd] Suhosin vs. mod_security

2010-02-19 Thread James Smallacombe
After a recent php compromise of the www user on my web server via the Zen Cart "record company" exploit, I installed the Suhosin extension (patch was already there). Suhosin helped a great deal. It enabled me to block certain php functions globally and re-enable them on a per-vhost basis, a