PHP Classes

Security has to be priority #1 in a production environment

Recommend this page to a friend!

      PHP Classes blog  >  Another Serious Secur...  >  All threads  >  Security has to be priority #1 in a...  >  (Un) Subscribe thread alerts  
Subject:Security has to be priority #1 in a...
Summary:Security has to be priority #1 in a production environment
Messages:2
Author:Luca Ferrario
Date:2012-02-03 12:00:28
Update:2012-02-03 19:11:00
 

  1. Security has to be priority #1 in a...   Reply   Report abuse  
Picture of Luca Ferrario Luca Ferrario - 2012-02-03 14:23:40
I've been using the Debian default PHP (with Suhosin) for years in production and I've never had any problem. I never saw any performance loss and, even if there was, I would be happy to have my PHP scripts take some milliseconds more but my system not to be vulnerable to some zero day PHP vulnerabilities!!!
I'm really sad about Stefani Esser: he proved to be a top security expert in the past. I'll definitely continue to use Suhosin in production, even if Debian drops it as default.
Would you really want to be woken up at 03.00am with all your systems down because somebody has found a new zero day vulnerability and you decided not to have Suhosin to improve performance a bit??

  2. Re: Security has to be priority #1 in a...   Reply   Report abuse  
Picture of Manuel Lemos Manuel Lemos - 2012-02-03 19:11:00 - In reply to message 1 from Luca Ferrario
Exactly. It is scary. It is like driving a motocycle without wearing an helmet because that could make you run slower. Ridiculous. Better safe than sorry.