path: root/doc/source/faq.rst
author: Connor Carr 2017-10-08 17:06:55 +0100
committer: jvoisin 2017-10-08 18:06:55 +0200
commit: 21e6837c1c8442eb01e069b87a01e5996d41f2e9 (patch)
tree: f97931aef6ea060a9d761c4acb62d6d3e9a6eaa2 /doc/source/faq.rst
parent: 99f18f7818f8f3ee354c78276d7cd981312c7d43 (diff)
Grammar/Punctuation changes (#29)
Diffstat (limited to 'doc/source/faq.rst')
-rw-r--r-- doc/source/faq.rst 34
1 files changed, 17 insertions, 17 deletions
diff --git a/doc/source/faq.rst b/doc/source/faq.rst
index 53d65ce..71326b6 100644
--- a/doc/source/faq.rst
+++ b/doc/source/faq.rst
@@ -8,19 +8,19 @@ What is Snuffleupagus?
8"""""""""""""""""""""" 8""""""""""""""""""""""
9 9
10Snuffleupagus is a `PHP7+ <http://php.net/manual/en/migration70.php>`_ 10Snuffleupagus is a `PHP7+ <http://php.net/manual/en/migration70.php>`_
11module designed to drastically raising the cost of attacks against website, 11module designed to drastically raise the cost of attacks against websites. This is achieved
12by killing entire bug classes, and also providing a powerful virtual-patching system, 12by killing entire bug classes and providing a powerful virtual-patching system,
13allowing administrator to fix specific vulnerabilities without having to touch the PHP code. 13allowing the administrator to fix specific vulnerabilities without having to touch the PHP code.
14 14
15 15
16Where does the name *Snuffeupagus* comes from? 16Where does the name *Snuffeupagus* come from?
17"""""""""""""""""""""""""""""""""""""""""""""" 17""""""""""""""""""""""""""""""""""""""""""""""
18 18
19 Aloysius Snuffleupagus, more commonly known as Mr. Snuffleupagus, Snuffleupagus 19 Aloysius Snuffleupagus, more commonly known as Mr. Snuffleupagus,
20 or Snuffy for short, is one of the characters on Sesame Street, 20 or Snuffy for short, is one of the characters on Sesame Street,
21 the educational television program for young children. 21 the educational television program for young children.
22 22
23 He was created as a woolly mammoth, without tusks or (visible) ears, 23 He was created as a woolly mammoth without tusks or (visible) ears,
24 and has a long thick pointed tail, similar in shape to that of a dinosaur 24 and has a long thick pointed tail, similar in shape to that of a dinosaur
25 or other reptile. He has long thick brown hair and a trunk, or "snuffle", 25 or other reptile. He has long thick brown hair and a trunk, or "snuffle",
26 that drags along the ground. He is Big Bird's best friend and 26 that drags along the ground. He is Big Bird's best friend and
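Review bot: line 16 still misspells the project name as *Snuffeupagus* (missing the second "l") in both the old and new columns; since this hunk already corrects that heading's grammar ("comes" to "come"), the spelling should be fixed in the same change so it matches "What is Snuffleupagus?" and line 10, i.e. "Where does the name *Snuffleupagus* come from?".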
@@ -43,9 +43,9 @@ We're working for `NBS System <https://nbs-system.com/en/>`__,
43a web hosting company (meaning that we're dealing with PHP code all day long), 43a web hosting company (meaning that we're dealing with PHP code all day long),
44with a strong focus on security. We do have hardening 44with a strong focus on security. We do have hardening
45(`kernel <https://grsecurity.net/>`_, `WAF <https://naxsi.org>`_, 45(`kernel <https://grsecurity.net/>`_, `WAF <https://naxsi.org>`_,
46`IDS <https://en.wikipedia.org/wiki/Intrusion_detection_system>`_, ) 46`IDS <https://en.wikipedia.org/wiki/Intrusion_detection_system>`_, etc)
47below the web stack, but most of the time, when a website is compromised, 47below the web stack, but most of the time, when a website is compromised,
48it's either to send ads, spam, deface it, steal data, 48it's can be to send ads, spam, deface it, steal data etc.
49This is why we need to harden the website itself too, but we can't touch its 49This is why we need to harden the website itself too, but we can't touch its
50source code. 50source code.
51 51
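Review bot: the new line 48 introduces a grammatical error rather than fixing one: "it's can be to send ads, spam, deface it, steal data etc." Suggest keeping the original construction and only tidying the list, e.g. "it's either to send ads or spam, deface it, steal data, etc." (note the comma and the period after "etc"). Line 46 has the same abbreviation problem: ", etc)" should read ", etc.)".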
@@ -62,7 +62,7 @@ We're huge fans of `Suhosin <https://suhosin.org>`_, unfortunately:
62We're using the `disable_function <https://secure.php.net/manual/en/ini.core.php#ini.disable-functions>`_ 62We're using the `disable_function <https://secure.php.net/manual/en/ini.core.php#ini.disable-functions>`_
63directive, but unfortunately, it doesn't provide enough usable granularity (guess how many CMS are using 63directive, but unfortunately, it doesn't provide enough usable granularity (guess how many CMS are using
64the `system <https://secure.php.net/manual/en/function.system.php#refsect1-function.system-notes>`_ 64the `system <https://secure.php.net/manual/en/function.system.php#refsect1-function.system-notes>`_
65function to perform various mandatory maintenance tasks). 65function to perform various mandatory maintenance tasks).
66 66
67This is why we decided to write our own hardening module, in the spirit of Suhosin, 67This is why we decided to write our own hardening module, in the spirit of Suhosin,
68via virtual-patching support, and other cool new features. 68via virtual-patching support, and other cool new features.
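Review bot: no difference is visible between the two columns of this hunk (lines 62 to 68 read identically in the rendered diff), so this is probably a whitespace-only change; worth confirming it is intentional. While touching line 62, the link text "disable_function" should be "disable_functions", which is the actual php.ini directive name and what the URL anchor ini.disable-functions already points at.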
@@ -70,7 +70,7 @@ via virtual-patching support, and other cool new features.
70What license is Snuffleupagus under and why? 70What license is Snuffleupagus under and why?
71"""""""""""""""""""""""""""""""""""""""""""" 71""""""""""""""""""""""""""""""""""""""""""""
72 72
73Snuffleupagus is licensed under the `LGPL <https://www.gnu.org/copyleft/lesser.html>`_, 73Snuffleupagus is licensed under the `LGPL <https://www.gnu.org/copyleft/lesser.html>`_
74and is developed by the fine people from `NBS System <https://nbs-system.com/>`__. 74and is developed by the fine people from `NBS System <https://nbs-system.com/>`__.
75 75
76We chose the LGPL because we don't care that much how you're using Snuffleupagus, 76We chose the LGPL because we don't care that much how you're using Snuffleupagus,
@@ -92,22 +92,22 @@ it becomes compromised.
92How mature is this project? 92How mature is this project?
93""""""""""""""""""""""""""" 93"""""""""""""""""""""""""""
94 94
95This project was floating around since early 2016, and we did the first commit 95This project was floating around since early 2016 and we did the first commit
96the 28ᵗʰ of December of the same year. We're currently in an alpha phase, 96the 28ᵗʰ of December of the same year. We're currently in an alpha phase,
97finding and fixing as much bugs as possible before the beta. 97finding and fixing as many bugs as possible before the beta.
98 98
99Are you saying that PHP isn't secure? 99Are you saying that PHP isn't secure?
100""""""""""""""""""""""""""""""""""""" 100"""""""""""""""""""""""""""""""""""""
101 101
102We don't like PHP's approach of security; namely (sometimes) adding warnings 102We don't like PHP's approach of security; namely (sometimes) adding warnings
103in the documentation and trusting the developer to not do any mistake, 103in the documentation and trusting the developer to not do any mistake,
104instead of focusing on the root cause, and killing the 104instead of focusing on the root cause and killing the
105bug class one for all. 105bug class once and for all.
106 106
107Moreover, it seems that the current attitude toward security in the PHP world 107Moreover, it seems that the current attitude toward security in the PHP world
108is to `blame the user <https://externals.io/message/100147>`_ instead of acknowledging 108is to `blame the user <https://externals.io/message/100147>`_ instead of acknowledging
109issues, as stated in their `documentation <https://wiki.php.net/security#not_a_security_issue>`_. 109issues, as stated in their `documentation <https://wiki.php.net/security#not_a_security_issue>`_.
110We do think that an security issue that "requires the use of code or settings known to be insecure" 110We do think that a security issue that "requires the use of code or settings known to be insecure"
111is still a security issue, and should be treated as such. 111is still a security issue, and should be treated as such.
112 112
113We don't have the pretention to state that Snuffleupagus will magically solve 113We don't have the pretention to state that Snuffleupagus will magically solve
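Review bot: three wording issues survive this hunk untouched and belong in a grammar commit: line 102 "PHP's approach of security" should be "PHP's approach to security"; line 103 "trusting the developer to not do any mistake" should be "trusting the developer not to make any mistakes"; and line 113 "pretention" is misspelled ("pretension").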
@@ -133,12 +133,12 @@ Yes.
133 133
134Some options won't break anything, like :ref:`harden-rand <harden-rand-feature>`, 134Some options won't break anything, like :ref:`harden-rand <harden-rand-feature>`,
135but some like :ref:`global_strict <global-strict-feature>` 135but some like :ref:`global_strict <global-strict-feature>`
136or overly-restrictives :ref:`virtual-patching<virtual-patching-feature>` 136or overly-restrictive :ref:`virtual-patching<virtual-patching-feature>`
137rules might pretty well break your website. 137rules might pretty well break your website.
138It's up to you to configure Snuffleupaggus accordingly to your needs. 138It's up to you to configure Snuffleupaggus accordingly to your needs.
139 139
140You can also enable the ``simulation`` mode on features that you're not sure about, 140You can also enable the ``simulation`` mode on features that you're not sure about,
141to see what would snuffleupagus do to your application, before activating them for good. 141to see what snuffleupagus would do to your application, before activating them for good.
142 142
143How can I find out the problem when my application breaks? 143How can I find out the problem when my application breaks?
144"""""""""""""""""""""""""""""""""""""""""""""""""""""""""" 144""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
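Review bot: line 138 still misspells the project name as "Snuffleupaggus" (extra "g") in both columns, and "accordingly to your needs" should be "according to your needs"; suggest "It's up to you to configure Snuffleupagus according to your needs." Line 141 also writes the name in lowercase ("snuffleupagus") while the rest of the document capitalises it.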