  1. #1
    Registered User
    Join Date
    Jan 2008
    Posts
    3

    PHP-Intrusion Detection System

    It would be a really good idea to add a module for PHPIDS.
    Right now I am using it on high-risk websites; however, having to install it etc. every time and set it all up is a pain. It would be great to have a module configure it all for use on all accounts and e-mail the root user about what is going on, etc.

    PHPIDS » Web Application Security 2.0

  2. #2
    BANNED
    Join Date
    Jun 2005
    Location
    Wild Wild West
    Posts
    2,025

    It's not an Apache module, so it really doesn't work like that and users
    may have different applications to use, etc.

    You could load this for everything with a forced prepend in php.ini but
    then again there really may not be much use for it.

    With suPHP with Suhosin and proper php.ini configuration, there
    is little chance of an attack such as what IDS watches for from
    being even remotely successful and its own job role can already
    be filled from other components such as Mod_Security and CFS.
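
    A sketch of the forced-prepend approach mentioned in this post, with the root e-mail asked for in post #1. This is an added example, not code from the thread or from the PHPIDS project. It assumes the namespaced PHPIDS 0.7 API (`IDS\Init`, `IDS\Monitor`) installed with Composer; the paths, the threshold and the recipient are hypothetical.

```php
<?php
// Hypothetical location: /usr/local/lib/php-prepend/phpids_prepend.php
// Loaded before every script by setting, in php.ini:
//   auto_prepend_file = /usr/local/lib/php-prepend/phpids_prepend.php

use IDS\Init;
use IDS\Monitor;

// Run inside a closure so no variables leak into the hosted application's scope.
(static function (): void {
    $base      = '/usr/local/lib/phpids';   // assumed PHPIDS install directory
    $threshold = 10;                        // assumed alert threshold, tune per site
    $recipient = 'root@localhost';          // assumed alert mailbox

    try {
        require_once $base . '/vendor/autoload.php';

        // Input sources handed to the filter engine.
        $request = ['GET' => $_GET, 'POST' => $_POST, 'COOKIE' => $_COOKIE];

        // Config.ini.php is assumed to be already adjusted for this server.
        $init   = Init::init($base . '/lib/IDS/Config/Config.ini.php');
        $report = (new Monitor($init))->run($request);

        if ($report->isEmpty() || $report->getImpact() < $threshold) {
            return; // nothing matched, or below the alert threshold
        }

        // Strip CR/LF from request-derived values to keep log lines intact.
        $clean = static fn ($v) => preg_replace('/[\r\n]+/', ' ', (string) $v);
        $summary = sprintf(
            'impact=%d tags=%s host=%s uri=%s client=%s',
            $report->getImpact(),
            implode(',', $report->getTags()),
            $clean($_SERVER['HTTP_HOST'] ?? '-'),
            $clean($_SERVER['REQUEST_URI'] ?? '-'),
            $clean($_SERVER['REMOTE_ADDR'] ?? '-')
        );

        error_log('PHPIDS: ' . $summary);
        mail($recipient, 'PHPIDS alert', $summary);
    } catch (\Throwable $e) {
        // Detection only: a broken IDS setup must not take customer sites down.
        error_log('PHPIDS prepend failed: ' . $e->getMessage());
    }
})();
```

    The script only reports; it does not block the request, and it sends one mail per matching request, so a busy server needs rate limiting or log-only alerting.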

  3. #3
    Member
    Join Date
    Oct 2006
    Location
    Cheshire, UK
    Posts
    196

    PHP security doesn't have to be such a risk if the application has been developed properly - it's up to the developer to secure their application. Application Firewalls are just an additional layer of protection, but not the answer.

  4. #4
    BANNED
    Join Date
    Jun 2005
    Location
    Wild Wild West
    Posts
    2,025

    "PHP security doesn't have to be such a risk if the application has been developed properly - it's up to the developer to secure their application. Application Firewalls are just an additional layer of protection, but not the answer."

    I strongly disagree! You are assuming that the programmer programs perfectly without the slightest possible degree of error and can take into account every contingency and every possible interaction of every function.

    The PHP language is enormously complex and even with an expert level understanding of the language, you may not think of every possible misuse of functions or how certain data will behave in certain conditions.

    Ignoring all of the above, there is also the possibility of simple typographical error. Forget a single punctuation mark in the wrong place and you could turn an otherwise fairly safe application into a dangerous one.

    The purpose of IDS and Suhosin-type security add-ons is not meant to replace the programmer but rather to help in those areas the programmer may have missed or for exploit possibilities which have not yet been discovered.

    It is a supplement to good programming and a life saver to bad programming!

    In a hosting service environment where you cannot guarantee whether a client's programs will be well designed and programmed with an interest in security or a carelessly slapped-together code goo full of blatant security holes, you definitely need that extra layer of protection!
