SECURITY QUESTION - advice from a hosted user. Does this make sense?

**jols** · 08-22-2006 01:01 AM

Here is something I just received from a hosted member. Does this make sense? If so, would it mess up any installed packages? If not, how do I implement the following? In the php.ini file? Thanks for any response.

-------------------------------

It'd be best if the url_fopen in php configuration disabled by default and if some of the users want it they can always use .htaccess method to enable it, instead of enabled by default and users can't change / override the allow_url_fopen flag in php configuration like now, because it may cause some security risk.

and maybe you could make users to override the expose_php flag too, because i dont really like it to expose that kind of thing to the whole world

thanks for your attention, and sorry for my bad english language

**jols** · 08-22-2006 01:40 AM

More specifically, will setting allow_url_fopen to OFF mess up any installed scripts?

**areha** · 08-22-2006 04:23 AM

"More specifically, will setting allow_url_fopen to OFF mess up any installed scripts?"

It really depends on what scripts you have installed. I do know of several programs using this option and that will not work completely with this off. So you should at least inform your users about it. You can activate it per user if there is need for it.

**jols** · 08-22-2006 04:45 AM

Originally Posted by areha

"More specifically, will setting allow_url_fopen to OFF mess up any installed scripts?"

It really depends on what scripts you have installed. I do know of several programs using this option and that will not work completely with this off. So you should at least inform your users about it. You can activate it per user if there is need for it.

Thanks but how do you activate it per user once this is off in the main server php.ini file?

**Host4u2** · 09-03-2006 08:37 PM

For one... Setting allow_url_fopen to OFF WILL mess up Soholaunch upgrade feature. Without allow_url_fopen ON, you will not be able to download the automatic upgrades.

**jols** · 09-03-2006 08:42 PM

Originally Posted by Host4u2

For one... Setting allow_url_fopen to OFF WILL mess up Soholaunch upgrade feature. Without allow_url_fopen ON, you will not be able to download the automatic upgrades.

Yet one more reason to stay away from Soholaunch.

Soholaunch is also not compatible for our customers (and our office staffers) that use MacOSX.

LinkBack

Thread Tools

SECURITY QUESTION - advice from a hosted user. Does this make sense?

Kernel Panic error. Can anyone make sense of this?

Disk space used for mail doesnt make sense!

How can I make sense of....

The email message doesnt make any sense

An error message that does not make sense. (phpMyAdmin)