allow_url_fopen on a shared hosting: good or evil?
Greetings to all!
I keep sites on two different virtual hosting (not VPS, but shared hosting). Sites on light open source CMS. When the number of sites exceeded the number of fingers, I decided to make the sites update themselves. The following options are required for auto-update: cURL is on, safe_mode is off, open_basedir is off, allow_url_fopen is on. And I faced the fact that one “for security reasons” hoster does not allow the allow_url_fopen option to be included in my php.ini. Another hoster gives and auto-update works. The question is answered, of course: spit and carry all the sites to me - everything is clear with us.
I do not know which of them to believe (I don’t understand so much in ph.). Moreover, I assume a religious theme. Therefore: I ask your opinion. And please do not holivarte;)
an> the essence of the question : enabled allow_url_fopen is a hole or not, if so, how effectively it closes and why the first hoster prefers not to allow than to close the hole.
I keep sites on two different virtual hosting (not VPS, but shared hosting). Sites on light open source CMS. When the number of sites exceeded the number of fingers, I decided to make the sites update themselves. The following options are required for auto-update: cURL is on, safe_mode is off, open_basedir is off, allow_url_fopen is on. And I faced the fact that one “for security reasons” hoster does not allow the allow_url_fopen option to be included in my php.ini. Another hoster gives and auto-update works. The question is answered, of course: spit and carry all the sites to me - everything is clear with us.
I do not know which of them to believe (I don’t understand so much in ph.). Moreover, I assume a religious theme. Therefore: I ask your opinion. And please do not holivarte;)
an> the essence of the question : enabled allow_url_fopen is a hole or not, if so, how effectively it closes and why the first hoster prefers not to allow than to close the hole.
')
Source: https://habr.com/ru/post/61429/
All Articles