| | #1 |
| Judy K - WSOTD Copywriter War Room Member Join Date: Jan 2004 Location: San Jose (Silicon Valley), CA , USA.
Posts: 4,617
Blog Entries: 1 Thanks: 151
Thanked 238 Times in 162 Posts
|
I was quite amazed to read in Kiosk's knowledge base that they forbid the use of fopen.

They state, in their knowledgebase, the following:

"fopen(), file() and other functions in PHP have a vulnerability that makes it possible to add extra HTTP headers to HTTP queries. Attackers may use it to escape certain restrictions, like what host to access on a web server. In some cases, this vulnerability even opens up for arbitrary net connections, turning some PHP scripts into proxies and open mail relays. Most scripts realize this is a security risk and therefore no longer use this setting in php. Please contact your software author if they ask for this setting, we will only enable this on dedicated servers to protect our network"

Ummmm....are they using the same fopen I'm thinking of, the one that simply opens files? Or are they referring to using fopen to open URLs? Simply forbidding fopen seems like the world of php scripts would fall apart, since it is basic to any kind of file handling ...

Thoughts? Ideas? Comments?

Thanks!

Judy |
| | |
| | #2 |
| Entrepenerd.com War Room Member Join Date: Apr 2008 Location: Logansport, IN, USA.
Posts: 670
Thanks: 129
Thanked 78 Times in 33 Posts
|
fopen can be used to open files on the local file system or a URL on a remote server. That's where the security risk lies. Why they disabled fopen entirely, I'm not sure. There is a setting that allows disabling the use of fopen for remote URLs, but allows you to continue using it for local filesystem requests. That's what they should have done. That said, you may still be able to use curl to accomplish what you need. |
| |
| | |
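An added example, not code from the thread or from the host's knowledge base: one way to fetch a remote URL with cURL when the remote-fopen setting is off, while refusing the header-injection input the knowledge base describes. It assumes the setting mentioned in reply #2 is PHP's `allow_url_fopen` directive; the function names, the allowlist and the sample URLs are constructed for illustration.

```php
<?php
declare(strict_types=1);
// Added example. Function names, $allowedHosts and sample URLs are constructed.

/** Return the URL if it is safe to request, otherwise throw. */
function validate_remote_url(string $url, array $allowedHosts): string
{
    // CR/LF or other control bytes in a URL are how extra HTTP headers
    // get smuggled into the request, so refuse them outright.
    if (preg_match('/[\x00-\x20\x7f]/', $url)) {
        throw new InvalidArgumentException('control character or space in URL');
    }
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        throw new InvalidArgumentException('not an absolute URL');
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        throw new InvalidArgumentException('scheme not allowed');
    }
    if (!in_array(strtolower($parts['host']), $allowedHosts, true)) {
        throw new InvalidArgumentException('host not on allowlist');
    }
    return $url;
}

/** Fetch a validated URL with cURL; works when allow_url_fopen is Off. */
function fetch_remote(string $url, array $allowedHosts): string
{
    $ch = curl_init(validate_remote_url($url, $allowedHosts));
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_FOLLOWLOCATION => false,  // a redirect could leave the allowlist
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTP | CURLPROTO_HTTPS,
        CURLOPT_TIMEOUT        => 10,
    ]);
    $body = curl_exec($ch);
    if ($body === false) {
        throw new RuntimeException('fetch failed: ' . curl_error($ch));
    }
    return $body;
}

// Offline demo on constructed input: only the validation step runs here.
echo 'allow_url_fopen = ', var_export(ini_get('allow_url_fopen'), true), "\n";
foreach (["https://api.example.com/feed", "http://api.example.com/a\r\nX-Injected: 1",
          "https://other.example.net/", "ftp://api.example.com/x"] as $u) {
    try { validate_remote_url($u, ['api.example.com']); $r = 'ok'; }
    catch (InvalidArgumentException $e) { $r = 'rejected: ' . $e->getMessage(); }
    echo json_encode($u), ' => ', $r, "\n";
}
```

Only the first sample URL passes; the other three are rejected for the embedded CR/LF, the unlisted host and the non-HTTP scheme respectively.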
| | #3 | |
| Judy K - WSOTD Copywriter War Room Member Join Date: Jan 2004 Location: San Jose (Silicon Valley), CA , USA.
Posts: 4,617
Blog Entries: 1 Thanks: 151
Thanked 238 Times in 162 Posts
| Quote:
I suspect that must be what they've done -- I can't imagine too many php programs working without fopen. OTOH -- how many OTHER ways can you open a remote URL? iframes, javascript, etc. oh well. | |
| | |
| Tags |
| file, fopen, forbids, gvo, kiosk, php |