[TYPO3-dev] PHPIDS and Typo3 ?
Bartosz Aninowski
bartoszx at SPAMgmail.com
Mon Apr 27 20:49:59 CEST 2009
> Marcus Krause wrote:
>> And still, I would always prefer mod_security over PHPIDS:
>> - compiled vs. interpreted code
>> - C vs. PHP
>
> Same here. Extra advantage: mod_security protects the whole server, not just PHP. It also protects from vulnerability scanners or content grabbers. For example, I was able to protect both my servers from the jumpUrl issue in 2 minutes by adding a mod_security rule.
>
unfortunately mod_security slows down everything
that depends how many and how restrictive rules you have but this layer
of security always costs
it is transparent in small enviroments but if you have thousends of
users you will see difference
--
Bartosz Aninowski
typo(3)holics
http://techblog.evo.pl
More information about the TYPO3-dev
mailing list