1
Hakim
Help with ISP communication
  • 2009/6/2 5:29

  • Hakim

  • Just popping in

  • Posts: 22

  • Since: 2009/5/28


Hi Team

This is my virgin post, so be gentle with me ...

Have just done my first and relatively straightforward install of XOOPS 2.3.3 The only snag was a security warning about open urls and the need to add: allow_url_fopen = off to the php.ini file.

Not being able to find php.ini, I did a search here and found the problem listed several times and with various solutions tried, all unsuccessfully.

Sent a message to tech support of the the hosting service I use and was told: "at this time this cannot be changed however we are evaluating changing this server wide at a latter date hope this helps"

I responded and asked if placing individual php.ini files in each directory of the XOOPS installation would work (as suggested by one poster here) and the reply was: "the ability to use a custom php file in each directory has been disabled due to security concerns (as many people were using custom php.ini files without being aware of the security implications)"

Another poster here suggested security hole was no big deal, don't worry about it.

So, after the long-winded introduction, is there any reason I should be concerned. If so, is there anything I can say to my hosting service to help facilitate the change to php.ini? Is the url_fopen setting a problem to others, or is it an XOOPS thing?

Thanks for your help.

Hakim

2
ghia
Re: Help with ISP communication
  • 2009/6/2 5:44

  • ghia

  • Community Support Member

  • Posts: 4953

  • Since: 2008/7/3 1


It is a general problem for all PHP based programs, not only or especially for XOOPS. The risk that the site gets hacked is somewhat higher, but there are many sites around with this wrong setting.
If your hoster can not accomodate you and you want it, then there is only one solution and that is to move on.

Important is that you have your Protector installation on point. That means xoops_lib and xoops_data outside the webroot and if that is not possible, the directories should be renamaed and addionally protected by a .htaccess file.


3
Hakim
Re: Help with ISP communication
  • 2009/6/3 2:39

  • Hakim

  • Just popping in

  • Posts: 22

  • Since: 2009/5/28


Thanks ghia

xoops_data and _lib are above the root and have been renamed too.

I guess I can live with it, especially as the host is talking about a change 'in the future'. Perhaps some objective reasons why they should change may encourage them to think about sooner rather than later.

Thanks again
Hakim

Login

Who's Online

194 user(s) are online (130 user(s) are browsing Support Forums)


Members: 0


Guests: 194


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits