shinokada Posted August 5, 2009 Share Posted August 5, 2009 I used PHPsecinfo to check my hosting security. http://phpsec.org/ It gives the following warning. ++++++++++++++ Warning allow_url_fopen is enabled. This could be a serious security risk. You should disable allow_url_fopen and consider using the PHP cURL functions instead. ++++++++++++++ http://phpsec.org/projects/phpsecinfo/tests/allow_url_fopen.html It recommends the followings. +++++++++++++++ Recommendations You should disable allow_url_fopen in the php.ini file: ; Disable allow_url_fopen for security reasons allow_url_fopen = 'off' The setting can also be disabled in apache's httpd.conf file: # Disable allow_url_fopen for security reasons php_flag allow_url_fopen off For remote file access, consider using the cURL functions that PHP provides. +++++++++++++ But I don't have access to php.ini since it is hosted. How can I do it? Is it cretical to do it? Thanks in advance. Link to comment https://forums.phpfreaks.com/topic/168904-security-allow_url_fopen-is-enabled/ Share on other sites More sharing options...
trq Posted August 5, 2009 Share Posted August 5, 2009 You can change the setting by placing.... php_flag allow_url_fopen off within your .htaccess file. Link to comment https://forums.phpfreaks.com/topic/168904-security-allow_url_fopen-is-enabled/#findComment-891211 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.