SECURITY QUESTION - advice from a hosted user. Does this make sense?

J

jols

Well-Known Member
Mar 13, 2004
1,107
3
168
Here is something I just received from a hosted member. Does this make sense? If so, would it mess up any installed packages? If not, how do I implement the following? In the php.ini file? Thanks for any response.

-------------------------------

It'd be best if the url_fopen in php configuration disabled by default and if some of the users want it they can always use .htaccess method to enable it, instead of enabled by default and users can't change / override the allow_url_fopen flag in php configuration like now, because it may cause some security risk.

and maybe you could make users to override the expose_php flag too, because i dont really like it to expose that kind of thing to the whole world

thanks for your attention, and sorry for my bad english language
 
J

jols

Well-Known Member
Mar 13, 2004
1,107
3
168
More specifically, will setting allow_url_fopen to OFF mess up any installed scripts?
 
A

areha

Well-Known Member
Oct 30, 2002
52
0
156
"More specifically, will setting allow_url_fopen to OFF mess up any installed scripts?"

It really depends on what scripts you have installed. I do know of several programs using this option and that will not work completely with this off. So you should at least inform your users about it. You can activate it per user if there is need for it.
 
J

jols

Well-Known Member
Mar 13, 2004
1,107
3
168
areha said:
"More specifically, will setting allow_url_fopen to OFF mess up any installed scripts?"

It really depends on what scripts you have installed. I do know of several programs using this option and that will not work completely with this off. So you should at least inform your users about it. You can activate it per user if there is need for it.
Click to expand...

Thanks but how do you activate it per user once this is off in the main server php.ini file?
 
Host4u2

Host4u2

Well-Known Member
Mar 24, 2002
247
0
316
For one... Setting allow_url_fopen to OFF WILL mess up Soholaunch upgrade feature. Without allow_url_fopen ON, you will not be able to download the automatic upgrades.
 
J

jols

Well-Known Member
Mar 13, 2004
1,107
3
168
Host4u2 said:
For one... Setting allow_url_fopen to OFF WILL mess up Soholaunch upgrade feature. Without allow_url_fopen ON, you will not be able to download the automatic upgrades.
Click to expand...
Yet one more reason to stay away from Soholaunch.

Soholaunch is also not compatible for our customers (and our office staffers) that use MacOSX.
 
You must log in or register to reply here.
Thread starter Similar threads Forum Replies Date
K Modsecurity and cpanel questions Security 3
N Security Questions for root (WHM) only (and not cPanel users) ? Security 2
C modsecurity question Security 2
K cPanel Security Questions - Missing Security 1
F Security Advisor Check Questions Security 2
Similar threads
Modsecurity and cpanel questions
Security Questions for root (WHM) only (and not cPanel users) ?
modsecurity question
cPanel Security Questions - Missing
Security Advisor Check Questions
Top Bottom