Go Back   CodingForums.com > :: Server side development > Apache configuration
Reload this Page what is the security risk for enabling "allow_url_include" in php.ini on the server ?

Before you post, read our: Rules & Posting Guidelines

Reply
 
Thread Tools Rate Thread
Enjoy an ad free experience by logging in. Not a member yet? Register.
Old 03-26-2010, 01:19 PM   PM User | #1
crazy.works
Regular Coder

 
Join Date: Jul 2008
Posts: 150
Thanks: 24
Thanked 0 Times in 0 Posts
crazy.works is an unknown quantity at this point
what is the security risk for enabling "allow_url_include" in php.ini on the server ?
Hello, iam coding new php script, i need to use the url include inside that script, so i have to enable 'allow_url_include = On' in the 'php.ini' file on the Apache server....and that makes me wondering about those 2 important questions !!
1. what is the security risk for the server after enabling this function ??
2. what is the security risk for my php script after enabling this function and using it inside my script like:-
include('http://another-site.com/file.php');

thanks
__________________
Okay...
Last edited by crazy.works; 03-26-2010 at 01:22 PM..
crazy.works is offline   Reply With Quote
Old 03-26-2010, 02:29 PM   PM User | #2
tomws
Senior Coder

 
tomws's Avatar
 
Join Date: Nov 2007
Location: Arkansas
Posts: 2,644
Thanks: 29
Thanked 330 Times in 326 Posts
tomws will become famous soon enoughtomws will become famous soon enough
My signature is a good place to start. This link is one of the results returned.
__________________
Are you a Help Vampire?
tomws is offline   Reply With Quote
Old 03-30-2010, 09:00 PM   PM User | #3
xconspirisist
Regular Coder

 
xconspirisist's Avatar
 
Join Date: Jun 2006
Location: Great Britain.
Posts: 137
Thanks: 1
Thanked 6 Times in 6 Posts
xconspirisist has a little shameless behaviour in the past
This really is quite a big security risk because if somebody else changes that file, your code can easily become vulnerable.

It is likely that there is a more secure way of doing what you want, could you be more specific as to your problem?
__________________
If I have been helpful, use the "thank" button - It makes me happy!

xconspirisist.co.uk - homepage of my online alias
technowax.net - a community for people interested in all forms of modern technology.
xconspirisist is offline   Reply With Quote
Reply

Bookmarks

Jump To Top of Thread


« Previous Thread | Next Thread »
Thread Tools
Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT +1. The time now is 05:57 AM.
Advertisement
Log in to turn off these ads.