shinokada Posted August 5, 2009 Share Posted August 5, 2009 I used PHPsecinfo to check my hosting security. http://phpsec.org/ It gives the following warning. ++++++++++++++ Warning allow_url_fopen is enabled. This could be a serious security risk. You should disable allow_url_fopen and consider using the PHP cURL functions instead. ++++++++++++++ http://phpsec.org/projects/phpsecinfo/tests/allow_url_fopen.html It recommends the followings. +++++++++++++++ Recommendations You should disable allow_url_fopen in the php.ini file: ; Disable allow_url_fopen for security reasons allow_url_fopen = 'off' The setting can also be disabled in apache's httpd.conf file: # Disable allow_url_fopen for security reasons php_flag allow_url_fopen off For remote file access, consider using the cURL functions that PHP provides. +++++++++++++ But I don't have access to php.ini since it is hosted. How can I do it? Is it cretical to do it? Thanks in advance. Quote Link to comment Share on other sites More sharing options...
trq Posted August 5, 2009 Share Posted August 5, 2009 You can change the setting by placing.... php_flag allow_url_fopen off within your .htaccess file. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.