Suhosin

Is suhosin necessary on a server?



We found that suhosin breaks the ability to use “act on behalf of” and “bulk print (pdf)”. With suhosin enabled, “act on behalf of” will not log in as the customer, and printing in pdf will result in a blank page, or an http error in IE.



After much troubleshooting, we found that uninstalling suhosin fixes the above 2 problems.



Now, is suhosin necessary on a server? What are the disadvantages if it is not installed/enabled?



Thank you.

I had problems with suhosin in v.1.3.5.

Discovered that the problem was caused by the “suhosin.request.max_vars” setting on the server. It has a value of 200, but that is not enough for CS-Cart.



I solved this by adding to the .htaccess:

php_value suhosin.request.max_vars 2000

php_value suhosin.post.max_vars 2000

I built my server with Suhosin-Patch 0.9.7, no problems with the act on behalf of with 2.0.12…

I am new to suhosin… and I am using CS-Cart 2.0.10. Should I ask my server administrator to re-enable suhosin… I wonder what is Patch 0.9.7? Is it the latest version/patch?

[quote name=‘alanpro’]I am new to suhosin… and I am using CS-Cart 2.0.10. Should I ask my server administrator to re-enable suhosin… I wonder what is Patch 0.9.7? Is it the latest version/patch?[/QUOTE]



I think there is a newer version. .29 I believe…

Has anyone else had problems with suhosin truncating the $_FILES superglobal?

The problem occurs with product_options.update_combinations when we have more than 12 Product Options on the page, which a few of our products have!



With suhosin turned on dumping the contents of both $_REQUEST & $_FILES shows that $_REQUEST has quite happily accepted embedded arrays with 30 or more elements, whereas $_FILES is restricting arrays to just 12 elements!!!



I have tested with suhosin turned on and turned off, and things only work when it is turned off! But my hosting company is refusing to permanently turn suhosin off and are asking me to “recommend” what configuration changes I would like to try to fix this problem!



Their settings are already massively greater than those suggested by ThomH, e.g. both suhosin.request.max_vars & suhosin.post.max_vars are set to 16384!



Does anyone have any suggestions?

Thank you.

After much testing and research on a large number of other forums, the problem has been fixed!!



The following config changes were made for me:

[suhosin]
suhosin.log.use-x-forwarded-for = Off

suhosin.cookie.max_array_depth = 1000
suhosin.cookie.max_array_index_length = 500
suhosin.cookie.max_value_length = 200000
suhosin.cookie.max_vars = 16384

suhosin.get.max_array_depth = 1000
suhosin.get.max_array_index_length = 500
suhosin.get.max_value_length = 200000
suhosin.get.max_vars = 16384

suhosin.post.max_array_depth = 1000
suhosin.post.max_array_index_length = 500

suhosin.request.max_array_depth = 1000
suhosin.request.max_array_index_length = 500

suhosin.upload.max_uploads = 300
suhosin.upload.disallow_elf = Off

suhosin.session.max_id_length = 1024

suhosin.executor.max_depth = 0
suhosin.executor.include.max_traversal = 6
suhosin.executor.disable_emodifier = Off
suhosin.executor.allow_symlink = Off

suhosin.upload.max_uploads = 100



But we currently have no idea which of these fixed the problem!!!
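The posts above all circle the same mechanism: Suhosin enforces per-scope caps on how many request variables, how deep an array nesting, how long an index and how long a value it will accept, and anything past the cap is silently dropped before the application sees it. The diagnostic below is an added example written for this thread, not code from CS-Cart or from the Suhosin project. It measures a request array the way those directives are named and reports which suhosin.post.* limit a given form would exceed. The field names in the sample form are made up, each scalar leaf is assumed to count as one variable, and the fallback limit values (used only when the extension is not loaded) are the numbers quoted in this thread, taken as assumptions rather than Suhosin's defaults.

```php
<?php
// Added diagnostic for this thread; it is not CS-Cart or Suhosin code.
// It measures a request array the way Suhosin's per-scope limits are named
// (variable count, array nesting depth, index length, value length) and
// reports which directives a given form would exceed.

// Count what the suhosin.<scope>.max_* directives limit. Assumption: every
// scalar leaf counts as one variable; nesting depth is 0 for a flat key.
function measure_request(array $vars, int $depth = 0): array {
    $stats = ['vars' => 0, 'depth' => $depth, 'index_len' => 0, 'value_len' => 0];
    foreach ($vars as $key => $value) {
        $stats['index_len'] = max($stats['index_len'], strlen((string) $key));
        if (is_array($value)) {
            $sub = measure_request($value, $depth + 1);
            $stats['vars']      += $sub['vars'];
            $stats['depth']      = max($stats['depth'], $sub['depth']);
            $stats['index_len']  = max($stats['index_len'], $sub['index_len']);
            $stats['value_len']  = max($stats['value_len'], $sub['value_len']);
        } else {
            $stats['vars']++;
            $stats['value_len'] = max($stats['value_len'], strlen((string) $value));
        }
    }
    return $stats;
}

// Effective value of a Suhosin directive on this PHP build. When the extension
// is not loaded, the caller's fallback is used so the script still runs.
function suhosin_limit(string $directive, int $fallback): int {
    if (!extension_loaded('suhosin')) {
        return $fallback;
    }
    $v = ini_get($directive);
    return ($v === false || $v === '') ? $fallback : (int) $v;
}

// Compare the measurements with one scope's limits ('post', 'get', 'request'
// or 'cookie'). Returns the directives that would be exceeded; an empty array
// means the request fits. $fallbacks maps directive name => value to assume
// when the extension is absent.
function check_scope(string $scope, array $stats, array $fallbacks): array {
    $map = [
        'vars'      => "suhosin.$scope.max_vars",
        'depth'     => "suhosin.$scope.max_array_depth",
        'index_len' => "suhosin.$scope.max_array_index_length",
        'value_len' => "suhosin.$scope.max_value_length",
    ];
    $exceeded = [];
    foreach ($map as $stat => $directive) {
        $limit = suhosin_limit($directive, $fallbacks[$directive] ?? PHP_INT_MAX);
        if ($stats[$stat] > $limit) {
            $exceeded[] = sprintf('%s = %d, request needs %d', $directive, $limit, $stats[$stat]);
        }
    }
    return $exceeded;
}

// Constructed sample: a product form with 70 option blocks of three fields
// each, roughly the shape described in this thread. The field names are made
// up and are not CS-Cart's real parameter names.
$form = ['product_id' => 123];
for ($i = 1; $i <= 70; $i++) {
    $form['product_options'][$i] = [
        'name'     => "Option $i",
        'value'    => str_repeat('x', 40),
        'position' => $i,
    ];
}

// Fallback limits, assumed from numbers quoted in this thread (max_vars 200 as
// ThomH reported; the raised depth/index/value limits from the later post).
// They are only consulted when Suhosin is not loaded.
$fallbacks = [
    'suhosin.post.max_vars'               => 200,
    'suhosin.post.max_array_depth'        => 1000,
    'suhosin.post.max_array_index_length' => 500,
    'suhosin.post.max_value_length'       => 200000,
];

$stats = measure_request($form);
printf("leaf vars: %d, depth: %d, longest index: %d, longest value: %d\n",
    $stats['vars'], $stats['depth'], $stats['index_len'], $stats['value_len']);

$problems = check_scope('post', $stats, $fallbacks);
if ($problems === []) {
    echo "request fits within the post limits\n";
} else {
    echo "request would be truncated by:\n  " . implode("\n  ", $problems) . "\n";
}
```

With the sample form the script counts 211 leaf variables (1 + 70 × 3) at nesting depth 2, so against the assumed max_vars of 200 it reports suhosin.post.max_vars as the directive that would drop part of the form; run on a host where Suhosin is loaded, ini_get() returns the real limits and the report reflects that server. The same measurement can be run against $_POST or $_FILES on a staging box to see which cap a large product-options page actually hits, rather than raising every limit at once as the post above had to. One caveat on where to set the values: php_value in .htaccess is a mod_php directive, so it only takes effect when PHP runs as an Apache module; under CGI or FastCGI, Apache rejects the unknown directive and answers every request with a 500, which is the symptom reported further down in this thread.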

I too have “Act on Behalf of” broken.

Helpdesk tell me to change server Suhosin settings to:

suhosin.cookie.cryptua Off Off

suhosin.cookie.encrypt Off Off



but I see that Suhosin is a security measure used to limit access.

My host server tells me they cannot change Suhosin settings because they will affect all users on the Shared host plan.

Current settings are:



Directive                 Local Value  Master Value
suhosin.cookie.cryptua    On           On
suhosin.cookie.encrypt    Off          Off
suhosin.post.max_vars     1000         1000
suhosin.request.max_vars  1000         1000





cs-cart helpdesk are offering no solution from the cs-cart software development side.



ThomH’s solution did not work. Adding to the .htaccess:

[QUOTE]php_value suhosin.request.max_vars 2000

php_value suhosin.post.max_vars 2000[/QUOTE]

breaks the site with a 500 error.



It's a checkmate, I guess I will have to change Hosting companies.

Any help appreciated.

That can be a problem on some shared servers. Therefore we recommend that our CS-Cart customers use our Semi-VPS servers.



[url]http://www.martfox.com/ecommerce-hosting.php[/url]

I’ve made every suhosin change in this thread and nothing works, errrrr.



Anyone have any more suggestions apart from uninstalling suhosin?

On the advice of my problem Hosting Company, I changed companies.

I now host my sites at

http://justhost .com

Everything works fine now, and the support seemed to be very fast and helpful.

Also very cost effective.

So what exactly is suhosin, and what purpose does it serve on a server and for cs-cart?



I am still not clear on this.



Is it specific to a shared host ?



I tried doing a 2.1.1 install on a server that had suhosin enabled and it would work and came up with a 500 internal server error message.



The provider just modified the php.ini and disabled this and the install has worked, however, I need to understand the impact of this on my cs-cart environment.



I have read this thread but am still not clear what purpose suhosin serves and whether it will have any security impact if disabled in a cs-cart environment.



thanks.

Hardened PHP - Hardened-PHP



Suhosin has nothing to do with CS-Cart, it’s just something some hosts install to add an extra layer of server hardening, unfortunately sometimes it breaks things in some scripts.



Don’t worry about it you don’t need it.

[quote name=‘ePlanetDesign’]Hardened PHP - Hardened-PHP



Suhosin has nothing to do with CS-Cart, it’s just something some hosts install to add an extra layer of server hardening, unfortunately sometimes it breaks things in some scripts.



Don’t worry about it you don’t need it.[/QUOTE]



Thanks ePlanetDesign,



Ok, so no need to stress. thanks for the link, will take a look.

It's a simple fix when Suhosin is installed on the server. Just add this line to your “php.ini” file:


suhosin.simulation = On

Why are you responding to a three-year-old post? Looks to me like you are just trying to advertise with your footers in your post.

Hi,



Because someone has opened the URL of this thread, which is monitored through our URL tracking system.



Regards

I think that means that Triplets is correct. Just to spread around the URLs.