freelance84 Posted October 13, 2011 Share Posted October 13, 2011 I have recently embarked on understanding linux at command line, the sole reason for doing so is so i can use fsockopen or curl for INP scripts with paypal and similar scripts for another bank. I contacted my old hosting company the yesterday (bb-online), as they are pretty friendly and know their stuff, to ask again why they did not allow the use of fsockopen or curl on their shared hosting... they returned to say they did not really know why... but they are not the only ones, when i searched i couldn't find a single host that would allow it. Does anyone know the reason why shared hosting doesn't allow fsockopen or curl?? Quote Link to comment https://forums.phpfreaks.com/topic/249068-why-no-fsockopen-on-shared/ Share on other sites More sharing options...
requinix Posted October 13, 2011 Share Posted October 13, 2011 My guess would be as a protection against illegitimate use. For example, fsockopen() allows you to make direct connections to servers and send/receive data from them while cURL makes it easy to farm content from websites. As if they feel that the bad uses outweigh the good uses (which, if you ask me, they don't). Can't find a single host supporting either? That's surprising. Quote Link to comment https://forums.phpfreaks.com/topic/249068-why-no-fsockopen-on-shared/#findComment-1279157 Share on other sites More sharing options...
PFMaBiSmAd Posted October 13, 2011 Share Posted October 13, 2011 INP scripts with paypal and similar scripts for another bank. Here's a different slant on the problem. You wouldn't want to use shared web hosting for an actual ecommerce site anyway. The database server that your account can access can also be accessed by all the other accounts that have been given access rights to that database server and database servers like mysql don't have bad login attempt/lockout protection against brute-force cracking attempts, so a script on any account can sit there 24/7 and try database usernames/passwords until they eventually connect to and have access to your database information. The security is only as strong as the strength of your database username/password. This is one of the two main reasons for hashing passwords that are stored in databases (the other reason being that not protecting against sql injection can allow outputting all the information in your database tables.) For an ecommerce site, at a minimum, you would want either VPS or dedicated hosting where the database server is only accessible by your scripts. Quote Link to comment https://forums.phpfreaks.com/topic/249068-why-no-fsockopen-on-shared/#findComment-1279163 Share on other sites More sharing options...
freelance84 Posted October 14, 2011 Author Share Posted October 14, 2011 PFMaBiSmAd, i had not considered that vulnerability. Clever. Quote Link to comment https://forums.phpfreaks.com/topic/249068-why-no-fsockopen-on-shared/#findComment-1279278 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.