The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SECURITY QUESTION - advice from a hosted user. Does this make sense?

Discussion in 'Security' started by jols, Aug 22, 2006.

  1. jols

    jols Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,111
    Likes Received:
    2
    Trophy Points:
    38
    Here is something I just received from a hosted member. Does this make sense? If so, would it mess up any installed packages? If not, how do I implement the following? In the php.ini file? Thanks for any response.

    -------------------------------

    It'd be best if the url_fopen in php configuration disabled by default and if some of the users want it they can always use .htaccess method to enable it, instead of enabled by default and users can't change / override the allow_url_fopen flag in php configuration like now, because it may cause some security risk.

    and maybe you could make users to override the expose_php flag too, because i dont really like it to expose that kind of thing to the whole world

    thanks for your attention, and sorry for my bad english language
     
  2. jols

    jols Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,111
    Likes Received:
    2
    Trophy Points:
    38
    More specifically, will setting allow_url_fopen to OFF mess up any installed scripts?
     
  3. areha

    areha Well-Known Member

    Joined:
    Oct 30, 2002
    Messages:
    52
    Likes Received:
    0
    Trophy Points:
    6
    "More specifically, will setting allow_url_fopen to OFF mess up any installed scripts?"

    It really depends on what scripts you have installed. I do know of several programs using this option and that will not work completely with this off. So you should at least inform your users about it. You can activate it per user if there is need for it.
     
  4. jols

    jols Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,111
    Likes Received:
    2
    Trophy Points:
    38

    Thanks but how do you activate it per user once this is off in the main server php.ini file?
     
  5. Host4u2

    Host4u2 Well-Known Member

    Joined:
    Mar 24, 2002
    Messages:
    248
    Likes Received:
    0
    Trophy Points:
    16
    For one... Setting allow_url_fopen to OFF WILL mess up Soholaunch upgrade feature. Without allow_url_fopen ON, you will not be able to download the automatic upgrades.
     
  6. jols

    jols Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,111
    Likes Received:
    2
    Trophy Points:
    38
    Yet one more reason to stay away from Soholaunch.

    Soholaunch is also not compatible for our customers (and our office staffers) that use MacOSX.
     
Loading...

Share This Page