Is PHPIDS enough for securing my website?


I just found out about PHPIDS and I have a couple of questions:

  1. Can PHPIDS protect from automated SQL injection attacks?

  2. Can it protect from DOS attacks?

  3. Is it enough to be used on its own or must I use additional methods too?

  4. Is it reliable?

2

There are 2 answers

1
Jakub (BEST ANSWER)

PHPIDS (PHP-Intrusion Detection System) is a simple to use, well structured, fast and state-of-the-art security layer for your PHP based web application. The IDS neither strips, sanitizes nor filters any malicious input, it simply recognizes when an attacker tries to break your site and reacts in exactly the way you want it to.

What that means is you STILL have to decide what to do with the:

  1. Injection attack (drop / ignore / notify, etc.)
  2. No, it doesn't; those are at the network level, not the application (PHP) layer.
  3. This is a method of detecting, not sanitizing, filtering, etc.; you still need your own code for protection.
  4. Seems to be; why not try it? I am not aware of any 'graphs' to give you a statistical feed.

0
Ian P

http://phpids.org/faq/

1) It can detect SQL injection.

2) No.

3) You will most likely need to have some additional method to complement what they provide.

4) Drupal uses it, so it fits their needs (most likely, yes.)
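
Both answers make the same point: PHPIDS reports suspicious input, and the protection itself still has to come from the application. The PHP example below is added here to illustrate that split and is not code from either answer or from PHPIDS. `looksLikeSqli()` is a hypothetical stand-in for an IDS rule, the table and inputs are constructed, and the script assumes the `pdo_sqlite` extension is available.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for an IDS rule (not PHPIDS's real filter set):
// it only reports; it never modifies the input.
function looksLikeSqli(string $input): bool
{
    return preg_match('/[\'"]\s*(or|and|union)\b|--|;/i', $input) === 1;
}

// The protection itself: the value is bound as data, never concatenated into SQL.
function findUser(PDO $db, string $name): array
{
    $stmt = $db->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO users (name) VALUES ('alice'), ('bob')");

// Constructed inputs: one ordinary lookup, one classic tautology string.
$inputs = ['alice', "x' OR '1'='1"];

foreach ($inputs as $input) {
    $flagged = looksLikeSqli($input);
    if ($flagged) {
        // The reaction is the application's decision: log, notify, or reject.
        error_log('IDS-style hit on input: ' . json_encode($input));
    }
    // Even if the detector had missed it, the bound parameter is compared
    // as a literal name, so the tautology string matches no row.
    $rows = findUser($db, $input);
    printf("%-16s flagged=%-5s rows=%d\n", $input, $flagged ? 'yes' : 'no', count($rows));
}
```

The detector and the prepared statement are independent: removing the detector changes what gets logged, while removing the bound parameter changes what the database executes.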