[Mapbender-users] take care - suhosin can effect Mapbender
administration and block requests
stephan.holl at intevation.de
Tue Dec 6 08:17:40 EST 2011
-----BEGIN PGP SIGNED MESSAGE-----
Astrid Emde <astrid.emde at wheregroup.com>, [20111206 - 12:40:58]
> >> What can you do?
> >> You can deactivate Suhosin to run the simulation mode:
> >> suhosin.simulation = on
> > Isn't it the right way to make Mapbender more secure (speaking of
> > changing the coding-practice to make it compatible with suhosin)
> > than disabling the PHP-harden-framework?
> > /me is confused.
> > Stephan
> Hi Stephn,
> I do not want you to deactivate suhosin at all. It has only some
> default configurations that ado not fit and are too restrictive.
> Please run suhosin.simulation to find out which suhosin variables you
> have to change. After the change you can deactivate suhosin.simulation
> For example has suhosin a variable suhosin.post.max_vars which has the
> value 200 by default.
> When you update a WMS which has 200 Layer suhosin.post.max_vars is to
> low and the request is blocked, which makes no sense.
> So do not disable suhosin but change the variables as they are set too
> low for Mapbender.
Thanks for clarification.
Stephan Holl <stephan.holl at intevation.de> | Tel.: +49 (0)541-33 508 3663
Intevation GmbH, Neuer Graben 17, 49074 OS | AG Osnabrück - HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
-----END PGP SIGNATURE-----
More information about the Mapbender_users