Frequently Asked Questions

This page is a collection of questions that occur from time to time.

General

What does Suhosin mean?

Suhosin (수호신) is a south-korean word that means something very similiar to the english guardian-angel.

Why is Suhosin called Suhosin?

According to some blog entries a few korean people are kinda suprised about the name. They wonder why a german developer has choosen a korean word for his project’s name. The reason for this is very simple. The main developer of Suhosin is interested in korea for about a year now, he enjoys watching korean movies, loves korean food and he learns the korean language for several months now. Additionally the word ‘suhosin’ is quite simple, sounds interesting, describes exactly what the program is and bypasses the problem that most english words are already taken by popular software.

Why should you use the Suhosin-Patch or the Suhosin Extension?

This question is actually the most important one. Important enough that the answer is covered by an own section for it.

Should I run Hardening-Patch or Suhosin

Suhosin is actually a replacement for the Hardening-Patch. Looking at the featureset of Suhosin it is already with it’s first public release more powerful than the Hardening-Patch ever was. With the first public stable release of Suhosin the Hardening-Patch is deprecated and only Suhosin should be used in new installations.

What license is Suhosin under?

The Suhosin-Patch is a patch against the PHP code base. It heavily uses #defines from the original PHP code tree and is therefore released under the same license. The extension is also released under the same license. Currently this is the The PHP License, version 3.01.

Installation & Configuration

Usage

Will my application break because Suhosin is too restrictive?

Some people fear that the protections implemented by Suhosin are too restrictive for their applications and that after installing it, their applications stop working. Therefore Suhosin comes with a special configuration option: suhosin.simulation. When this is enabled Suhosin will continue logging violated rules but the actual blocking will not be performed.

How can I find out the problem when my application breaks?

The Troubleshooting section should answer all questions regarding this question.

Are there any compatibility problems with applications?

In the Troubleshooting section you will find information about all incompatibilities we know about. It will list the Configuration switches that might be needed to get a certain application working correctly.


© Hardened PHP Project