我的PHP脚本如何判断suhosin是否更改了请求变量?
[英]How can my php script tell if suhosin changed request variables?
问题描述
I've been testing security for some php scripts and have found that, among other things, suhosin strips away a posted variable that is huge... this is fine and desirable, but I'd like for my script to be able to tell that suhosin changed the request. 
我一直在测试某些php脚本的安全性,并且发现suhosin除去了很大的发布变量...这很好,很理想,但是我希望我的脚本能够告诉suhosin更改了请求。
Does suhosin leave any fingerprints to indicate that some action was taken -- in a way that the script can detect? suhosin是否留下任何指纹以表明已采取某些措施-以脚本可以检测到的方式? I'm guessing it can't trigger something like an E_USER_WARNING , because that would be thrown before the script is running and could catch it. 我猜它不能触发类似E_USER_WARNING ,因为这会在脚本运行之前抛出并可能捕获它。 Maybe an environment or special global variable? 可能是环境还是特殊的全局变量?
I tried a few approaches myself, but didn't see anything... perhaps suhosin needs to be configured to do this? 我自己尝试了几种方法,但是什么也没看到……也许需要配置suhosin才能做到这一点? I find the suhosin documentation to be, um, difficult to understand. 我发现suhosin文档很难理解。
2 个解决方案
解决方案1
0 2014-08-18 06:41:39
Suhosin's input filter is designed to filter out potentially dangerous payload, eg too big requests, transparently. Suhosin的输入过滤器旨在透明地过滤出潜在危险的有效负载(例如,太大的请求)。 If a script were able to detect this filter and change its program flow based on this information, it would be much easier for an attacker to circumvent the filter. 如果脚本能够检测到该过滤器并根据此信息更改其程序流,那么攻击者绕过该过滤器将更加容易。
As a recommendation, filter limits should be set as strict as possible, but as broad as necessary. 作为建议,应将过滤器限制设置为尽可能严格,但应尽可能宽。 Your script is supposed to run without being able to detect Suhosin's presence. 您的脚本应该在无法检测到Suhosin的情况下运行。
解决方案2
0 2011-10-15 10:28:23
是的,它确实是,不是指纹识别,而是日志记录: Suhosin日志记录配置 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.