Hi All,
Just downloaded Dolphin 7.0 today and I am slowly getting to grips with it. However, allow fopen is an issue for me. I have a number of sites with our current server so it would be a really blow to not be able to host it with them - but they control the php.ini and wont allow fopen.
Now I have already seen issues with this - so I thought maybe I could use cURL - but I dont see any reference to that either. So I am basically unable to take full advantage of D7 due to this as there is not work round?
I am a little suprised, that this would only work through by using a command which has known security risks,
I would appreciate any help that could be offered.
|
you might be SOL with that one. When a GIG is not enough --> Terabyte Dolphin Technical Support - Server Management and Support |
What if, I created a new php.ini in a local directory - publichtml - would that work? Or would it pose problems down the road? Real shame if not - I like the software.
|
What if, I created a new php.ini in a local directory - publichtml - would that work? Or would it pose problems down the road? Real shame if not - I like the software.
if you can run a local php.ini then that may work, its worth a try.
Regards,
DosDawg
When a GIG is not enough --> Terabyte Dolphin Technical Support - Server Management and Support |
OK I guess - how do I do this or more importantly should I do this - any inputs? |
OK I guess - how do I do this or more importantly should I do this - any inputs?
Open your prefered, unformatted text editor and enter the following:
register_globals=Off
magic_quotes_gpc=On
allow_url_include=Off
allow_url_fopen=On
upload_max_filesize=300M
post_max_size=300M
max_input_time=3000
max_execution_time=3000
memory_limit=128M
short_open_tag=On
Then save the file as php.ini, without any .txt extension. Upload the file to your root directory and see if it works. If not, you may indeed be out of luck, unless an .htaccess file would manage to work.
BoonEx Certified Host: Zarconia.net - Fully Supported Shared and Dedicated for Dolphin |
Exactly how do you envison that allow_url_fopen = on would be a security risk to your site? Just curious. My opinions expressed on this site, in no way represent those of Boonex or Boonex employees. |
Exactly how do you envison that allow_url_fopen = on would be a security risk to your site? Just curious.
Apparently it's related to remote file exploits, but I've never had any issues with it, and that's when I enable it even on a global level for all sites.
BoonEx Certified Host: Zarconia.net - Fully Supported Shared and Dedicated for Dolphin |
There are lots of posts about this all over the place. code injection on poorly written scripts that don't do proper input filtering.
However, it's really needed. Without it common php functions like file_get_contents, include and require won't function.
I don't see how hosting providers can disable it, and not get millions of complaints. If fact, i don't see how they even stay in business.
https://www.deanbassett.com |
OK I will give the code Magnussoft suggested. Would I need to change anything within the database?
As an additional input - I spoke at lenght with our server provider and they were of the opinion that less and less hosting suppliers will allow fopen due to the potential risks. I think as it is stand alone its not a risk, but poor filtering from the user side causes the server companies problems - apparantley. I guess Boonex need to have a think about this?
Lastly, assuming I plough one regardless - what options/features would not be available to me - other than RSS feeds of course.
|
OK I will give the code Magnussoft suggested. Would I need to change anything within the database?
As an additional input - I spoke at lenght with our server provider and they were of the opinion that less and less hosting suppliers will allow fopen due to the potential risks. I think as it is stand alone its not a risk, but poor filtering from the user side causes the server companies problems - apparantley. I guess Boonex need to have a think about this?
Lastly, assuming I plough one regardless - what options/features would not be available to me - other than RSS feeds of course.
You would not need to change the database, or any of the files from your Dolphin installation. All you need to do is follow the instructions I set out.
As for allow_url_fopen being turned off for most hosts, I would like to debate that claim. I've been with many hosts over the years, and talked with many people from various others, all big and small. I've only heard of a few who turn off the option for PHP, and I can understand why: allot of scripts rely on it, and the issues are mainly with the coder, not the server.
Without allow_url_fopen being turned on, your site would be a bit "crippled," in that if any application relied on it, or partially relied on it, it would either not work, or not all functions of the feature would work. I recall Orca, for example, relying on this feature, along with the call-back to BoonEx servers for things such as licenses. Basically, this is required for Dolphin, plain and simple.
BoonEx Certified Host: Zarconia.net - Fully Supported Shared and Dedicated for Dolphin |
RE: Apparently it's related .........
I was asking the author of this thread. I'm just curious what he thinks is going to happen if this necessary function is enabled.
My opinions expressed on this site, in no way represent those of Boonex or Boonex employees. |
RE: Apparently it's related .........
I was asking the author of this thread. I'm just curious what he thinks is going to happen if this necessary function is enabled.
Possibly a remake of the film 2012, with Nicholas Cage as the lead role.
BoonEx Certified Host: Zarconia.net - Fully Supported Shared and Dedicated for Dolphin |
Thanks for the information. Magnusoft - can you tell me where and what changes are needed in the database and also in Dolphin? Sorry if an obvious question....
houstonlively : I dont think anything would happen - its the hosting company raising the fear of secruity hole - and they are in charge :(
RE: Apparently it's related .........
I was asking the author of this thread. I'm just curious what he thinks is going to happen if this necessary function is enabled.
|
