Gram
Posted: 10 August 2006 13:17
I'll take the liberty of quoting...
Feature List
Engine Protection
Protects the internal Zend Engine Memory Manager against buffer overflows with Canary and SafeUnlink Protection
Protects Destructors of Zend Hashtables
Protects Destructors of Zend Linked-Lists
Protects the PHP core and extensions against format string vulnerabilities
Protects against errors in certain libc realpath() implementations

Runtime Protection
Protects against different kinds of (Remote-)Include Vulnerabilities
  disallows overlong filenames
  disallows Remote URL inclusion (optional: black-/whitelisting)
  disallows inclusion of uploaded files
  protects against ASCIIZ string termination attacks
Protects against infinite recursion through a configurable maximum execution depth
Supports per Virtual Host / Directory configurable function black- and whitelists
Supports a separated function black- and whitelist for evaluated code
Protects against SQL error message disclosure
Protects against HTTP Response Splitting Vulnerabilities
Protects against scripts manipulating the memory_limit
Protects PHP's superglobals against extract() and import_request_vars()
Adds the functions sha256() and sha256_file() to the PHP core
Adds support for CRYPT_BLOWFISH to crypt() on all platforms
Adds protection against newline attacks to mail()

Filtering Features
Filters ASCIIZ characters from user input
Ignores GET, POST, COOKIE variables with the following names:
  GLOBALS, _COOKIE, _ENV, _FILES, _GET, _POST, _REQUEST
  _SERVER, _SESSION, HTTP_COOKIE_VARS, HTTP_ENV_VARS
  HTTP_GET_VARS, HTTP_POST_VARS, HTTP_POST_FILES
  HTTP_RAW_POST_DATA, HTTP_SERVER_VARS, HTTP_SESSION_VARS
Allows enforcing limits on REQUEST variables or separated by type (GET, POST, COOKIE)
  Supports a number of variables per request limit
  Supports a maximum length of variable names [with and without indices]
  Supports a maximum length of array indices
  Supports a maximum length of variable values
  Supports a maximum depth of arrays
Allows only a configurable number of uploaded files
Supports verification of uploaded files through an external script
Supports automatic banning of uploaded ELF executables

Logging Features
Supports multiple log devices (syslog, SAPI module error log, external logging script)
Supports freely configurable syslog facility and priority
Supports log device separated selection of alert types to log
Alerts contain filename and line number that triggered it
Alerts contain the IP address of the user triggering it
The IP Address can also be extracted from X-Forwarded-For HTTP headers (e.g. for reverse proxy setups)
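
The request-variable rules under "Filtering Features", modelled in Python as an added example; this is not Suhosin's code and not part of the quoted post. The limit values, function names and sample query are assumptions made for the illustration, and dropping a variable that contains a NUL byte is this model's choice.

```python
import re
from urllib.parse import parse_qsl

# Names the quoted list says are ignored as GET/POST/COOKIE variables.
RESERVED = frozenset("""GLOBALS _COOKIE _ENV _FILES _GET _POST _REQUEST _SERVER
_SESSION HTTP_COOKIE_VARS HTTP_ENV_VARS HTTP_GET_VARS HTTP_POST_VARS
HTTP_POST_FILES HTTP_RAW_POST_DATA HTTP_SERVER_VARS HTTP_SESSION_VARS""".split())

# Hypothetical limits for this example; they are not Suhosin defaults.
LIMITS = {"vars": 5, "name": 16, "total_name": 32, "index": 8, "value": 64, "depth": 2}

NAME_RE = re.compile(r"([^\[\]]+)((?:\[[^\[\]]*\])*)")  # base name + [index]...

def check_variable(name, value, lim=LIMITS):
    """Return None if the variable passes, else the reason it is dropped."""
    if "\x00" in name or "\x00" in value:
        return "NUL byte"
    m = NAME_RE.fullmatch(name)
    if m is None:
        return "malformed name"
    base, indices = m.group(1), re.findall(r"\[([^\[\]]*)\]", m.group(2))
    if base in RESERVED:
        return "reserved name"
    # Length limit without indices (base) and with indices (whole name).
    if len(base) > lim["name"] or len(name) > lim["total_name"]:
        return "name too long"
    if len(indices) > lim["depth"]:
        return "array too deep"
    if any(len(i) > lim["index"] for i in indices):
        return "array index too long"
    if len(value) > lim["value"]:
        return "value too long"
    return None

def filter_request(query, lim=LIMITS):
    """Split a raw query string into accepted variables and dropped ones."""
    accepted, dropped = {}, []
    for name, value in parse_qsl(query, keep_blank_values=True):
        reason = check_variable(name, value, lim)
        if reason is None and name not in accepted and len(accepted) >= lim["vars"]:
            reason = "too many variables"
        if reason:
            dropped.append((name, reason))
        else:
            accepted[name] = value
    return accepted, dropped

# Constructed sample input, not taken from the page.
SAMPLE = ("id=42&GLOBALS[x]=1&_SERVER[REMOTE_ADDR]=1.2.3.4"
          "&file=a.php%00.jpg&a[b][c][d]=1&item[color]=red")
```

Calling `filter_request(SAMPLE)` returns the accepted variables and a list of `(name, reason)` pairs for the dropped ones.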