Posted by: horadejogar
Posted on: 2008-08-17 16:32:00
Hi. I saw that DreamHost have allow_url_fopen disabled.
Tech support told me to come here.
How can I enable it? I need to install my own php right? I have no expirience on it, I don't know anything.
How can I install and enable allow_url_fopen ?
Posted by: silkrooster
Posted on: 2008-08-17 18:02:00
It would be better to explain the type type of program you want to use. Even would be better would be a clip of the code of where the fopen is being used if possible. If it is against the license of the program then don't worry about posting the code.
Reason why I said the above is that it may be possible for someone to rewrite the code using curl. As curl is more secure than fopen is.
Most people here will try to discourage you from enabling url fopen because it is unsecure and this is a shared server.
Silk
My website
Posted by: seiler
Posted on: 2008-08-17 18:13:00
Posted by: sXi
Posted on: 2008-08-22 00:54:00
In reply to:I have no expirience on it, I don't know anything.
You *need* to know the following:
If enabled, allow_url_fopen allows PHP's file functions -- such as file_get_contents() and the include and require statements -- can retrieve data from remote locations, like an FTP or web site. Programmers frequently forget this and don't do proper input filtering when passing user-provided data to these functions, opening them up to code injection vulnerabilities. A large number of code injection vulnerabilities reported in PHP-based web applications are caused by the combination of enabling allow_url_fopen and bad input filtering.
Recommendations:
You should disable allow_url_fopen in the php.ini file
Source: The PHP Security Consortium