I am running PHP 5.2.0-8 on Debian Etch.
I notice that all PHP releases for Debian (i.e. the ones that come via the automatic updater using apt-get) include the Hardened PHP "suhosin" patch.
Does anyone have an idea of how widespread the use of this patch on commerical servers is?
It's important to know, because the patch does things like limiting the number of variables in an HTML header to 200, by default.
Then again, I always try to code for the most reasonably stringent server-side limits so as to make my code as portable as possible without being inflexible.