Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 3 of 3
  1. #1
    Regular Coder
    Join Date
    Jul 2008
    Posts
    150
    Thanks
    24
    Thanked 0 Times in 0 Posts

    what is the security risk for enabling "allow_url_include" in php.ini on the server ?

    Hello, iam coding new php script, i need to use the url include inside that script, so i have to enable 'allow_url_include = On' in the 'php.ini' file on the Apache server....and that makes me wondering about those 2 important questions !!
    1. what is the security risk for the server after enabling this function ??
    2. what is the security risk for my php script after enabling this function and using it inside my script like:-
    include('http://another-site.com/file.php');

    thanks
    Last edited by crazy.works; 03-26-2010 at 01:22 PM.
    Okay...

  • #2
    Senior Coder tomws's Avatar
    Join Date
    Nov 2007
    Location
    Arkansas
    Posts
    2,644
    Thanks
    29
    Thanked 330 Times in 326 Posts
    My signature is a good place to start. This link is one of the results returned.
    Are you a Help Vampire?

  • #3
    Regular Coder xconspirisist's Avatar
    Join Date
    Jun 2006
    Location
    Great Britain.
    Posts
    138
    Thanks
    1
    Thanked 6 Times in 6 Posts
    This really is quite a big security risk because if somebody else changes that file, your code can easily become vulnerable.

    It is likely that there is a more secure way of doing what you want, could you be more specific as to your problem?
    If I have been helpful, use the "thank" button - It makes me happy!

    xconspirisist.co.uk - homepage of my online alias
    technowax.net - a community for people interested in all forms of modern technology.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •