[Mapbender-users] take care - suhosin can affect Mapbender administration and block requests

Stephan Holl stephan.holl at intevation.de
Tue Dec 6 08:17:40 EST 2011



Hello Astrid,

Astrid Emde <astrid.emde at wheregroup.com>, [20111206 - 12:40:58]

[...]

> >> What can you do?
> >> You can deactivate Suhosin to run the simulation mode:
> >>  suhosin.simulation = on
> > 
> > Isn't it the right way to make Mapbender more secure (speaking of
> > changing the coding-practice to make it compatible with suhosin)
> > than disabling the PHP-harden-framework?
> > 
> > /me is confused.
> > 
> > 	Stephan
> > 
> 
> Hi Stephan,
> 
> I do not want you to deactivate suhosin at all. It only has some
> default configurations that do not fit and are too restrictive.
> 
> Please run suhosin.simulation to find out which suhosin variables you
> have to change. After the change you can deactivate suhosin.simulation
> again.
> 
> For example, suhosin has a variable suhosin.post.max_vars which has the
> value 200 by default.
> When you update a WMS which has 200 layers, suhosin.post.max_vars is too
> low and the request is blocked, which makes no sense.
> 
> http://www.hardened-php.net/suhosin/configuration.html#suhosin.post.max_vars
> 
> So do not disable suhosin but change the variables as they are set too
> low for Mapbender.

Thanks for clarification.

Best

	Stephan

-- 
Stephan Holl <stephan.holl at intevation.de> | Tel.: +49 (0)541-33 508 3663
Intevation GmbH, Neuer Graben 17, 49074 OS  |  AG Osnabrück - HR B 18998
Geschäftsführer:  Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
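
An added example, not part of the original message and not Mapbender or Suhosin code: a Python helper for the sizing step described in the quoted reply, counting the POST variables in captured legitimate admin requests to choose a suhosin.post.max_vars value instead of turning the protection off. The form field names, the 25% headroom and the rule that each key=value pair counts as one variable are assumptions; the default of 200 is the one quoted in the thread.

```python
from urllib.parse import parse_qsl, urlencode

DEFAULT_MAX_VARS = 200  # default for suhosin.post.max_vars quoted in the thread


def count_post_vars(body):
    """Count key=value pairs in an application/x-www-form-urlencoded body.

    Assumption: every pair, including each array element such as a[0]=x,
    counts as one variable against the limit.
    """
    return len(parse_qsl(body, keep_blank_values=True))


def audit(bodies, limit=DEFAULT_MAX_VARS, headroom=0.25):
    """Report which sample requests exceed `limit` and suggest a new value.

    bodies maps a label to a raw POST body from a legitimate admin action.
    The suggestion is the largest count plus headroom, rounded up to the
    next 50, and never below the current limit.
    """
    counts = {label: count_post_vars(body) for label, body in bodies.items()}
    blocked = sorted(label for label, n in counts.items() if n > limit)
    needed = int(max(counts.values(), default=0) * (1 + headroom))
    suggested = max(limit, -(-needed // 50) * 50)
    return {"counts": counts, "blocked": blocked, "suggested": suggested}


def build_wms_update_body(layers, fields=("title", "minscale", "maxscale")):
    """Constructed sample form; field names are hypothetical, not Mapbender's."""
    pairs = [("wms_id", "42"), ("save", "1")]
    for i in range(layers):
        pairs += [(f"layer[{i}][{f}]", "") for f in fields]
    return urlencode(pairs)


if __name__ == "__main__":
    samples = {
        "small WMS (20 layers)": build_wms_update_body(20),
        "large WMS (200 layers)": build_wms_update_body(200),
    }
    report = audit(samples)
    for label, n in report["counts"].items():
        state = "over limit" if label in report["blocked"] else "ok"
        print(f"{label}: {n} POST variables ({state})")
    print(f"suhosin.post.max_vars = {report['suggested']}")
```

suhosin.request.max_vars is a separate limit on request variables, so check it alongside the POST limit when raising the value.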

