php suhosin configuration

Before I did any change to suhosin configuration,

the logging shows a lot of alerts,

including variable name length, value length, memory_limit, ASCIIZ null and so on.

So, what I do is to change rela开发者_StackOverflowted suhosin configuration setting.

i.e. increase value length, memory_limit, allow ASCIIZ null and so on.

After resetting, the alerts are reduced a lot.

However, it still have similar alerts sometimes, i.e. value length.

So, do I need to further increase these suhosin configuration settings?

Suhosin in itself is a very outdated patch which was not really developed further since more than 4 years. So i suggest, to dont use suhosin and use instead an current php version.

To your Question: If you trust this code to dont misuse the things you allow it, you can/must increase further. But as security issues because of the named things are very rare (i really never heard about one in the last 6 years, which would be solved throught suhosin. At all there was only one really serious issue inside of php) i suggest to follow the first i wrote.