4 {{ upvoteCount | shortNum }}
4 {{ upvoteCount | shortNum }}

curious about "allow_url_include" issues

by YellowBird
3 replies
Hi,

I recently purchased a program here (with a website download) that requires the host be able to have "allow_url_include" be open. My current host does not and says that in his 12 years of php programming, has not used it. He feels it's a high security risk.

My questions are:
What are your thoughts/experience with that code?
What host would you recommend (I also have an account at Hostmonster) - if indeed I should go forward with getting this set up.

I am new at this, but appreciate any help or insight you can offer.

Kindly,
Deb
#allowurlinclude #curious #issues
  • Profile picture of the author patfl
    Check this blog: PHP 5.2.0 and allow_url_include - PHP Security Blog
    {{ DiscussionBoard.errors[2366440].message }}
    • Profile picture of the author YellowBird
      Thanks for the tip. I did read the article and noted it was written in '06, I believe. The site I'm looking at does need to have fresh information updated by the developer on a daily basis, so they would need access to it. That is my guess as to the necessity of having that option.

      I also noticed that some hosting companies include it as a default setting and some do not. My take on it would be that if you use that script in a site that had time sensitive information and that it would come from a trusted source, it could be useful and OK.

      If you have a static site, then not having the allow_url_include would make more security sense.

      Am I on the right track here in my understanding? Not sure if my terminology is all correct..
      Thanks for your response, Patrice,

      Best,
      Deb
      Signature
      Voted #1 Internet Marketing service by IM Report card: www.internetmarketing-abc.com
      Blog about successful late blooming: www.debbauer.com
      "The secret to changing your life is changing your mind."
      {{ DiscussionBoard.errors[2384997].message }}
      • Profile picture of the author bool
        You are right, as you said, if you trust the source it is ok to use it.

        But remember if you do not control the source then you can't trust it.
        {{ DiscussionBoard.errors[2385755].message }}

Trending Topics