Jump to content

Security: allow_url_fopen is enabled

shinokada

By shinokada
in PHP Coding Help

 Share

Recommended Posts

shinokada Newbie

shinokada

Posted
Posted

I used PHPsecinfo to check my hosting security. http://phpsec.org/

It gives the following warning.

++++++++++++++

Warning

allow_url_fopen is enabled. This could be a serious security risk. You should disable allow_url_fopen and consider using the PHP cURL functions instead.

 

++++++++++++++

http://phpsec.org/projects/phpsecinfo/tests/allow_url_fopen.html

 

It recommends the followings.

 

+++++++++++++++

Recommendations

 

You should disable allow_url_fopen in the php.ini file:

 

; Disable allow_url_fopen for security reasons

allow_url_fopen = 'off'

 

The setting can also be disabled in apache's httpd.conf file:

 

# Disable allow_url_fopen for security reasons

php_flag  allow_url_fopen  off

 

For remote file access, consider using the cURL functions that PHP provides.

+++++++++++++

 

But I don't have access to php.ini since it is hosted.

How can I do it?

Is it cretical to do it?

 

Thanks in advance.

 

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.