[Mapbender-users] take care - suhosin can effect Mapbender
administration and block requests
Stephan Holl
stephan.holl at intevation.de
Tue Dec 6 08:17:40 EST 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hello Astrid,
Astrid Emde <astrid.emde at wheregroup.com>, [20111206 - 12:40:58]
[...]
> >> What can you do?
> >> You can deactivate Suhosin to run the simulation mode:
> >> suhosin.simulation = on
> >
> > Isn't it the right way to make Mapbender more secure (speaking of
> > changing the coding-practice to make it compatible with suhosin)
> > than disabling the PHP-harden-framework?
> >
> > /me is confused.
> >
> > Stephan
> >
>
> Hi Stephn,
>
> I do not want you to deactivate suhosin at all. It has only some
> default configurations that ado not fit and are too restrictive.
>
> Please run suhosin.simulation to find out which suhosin variables you
> have to change. After the change you can deactivate suhosin.simulation
> again.
>
> For example has suhosin a variable suhosin.post.max_vars which has the
> value 200 by default.
> When you update a WMS which has 200 Layer suhosin.post.max_vars is to
> low and the request is blocked, which makes no sense.
>
> http://www.hardened-php.net/suhosin/configuration.html#suhosin.post.max_vars
>
> So do not disable suhosin but change the variables as they are set too
> low for Mapbender.
Thanks for clarification.
Best
Stephan
- --
Stephan Holl <stephan.holl at intevation.de> | Tel.: +49 (0)541-33 508 3663
Intevation GmbH, Neuer Graben 17, 49074 OS | AG Osnabrück - HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAk7eFfQACgkQjVOs3Ksi6lgjtQCgmirqvOZyDETin4EToM8qQAYC
A54AoKoysOdKr9652sxVtn0AmLVom6vq
=THKQ
-----END PGP SIGNATURE-----
More information about the Mapbender_users
mailing list