version upgrade

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

dimxasnewfrozen
Forum Commoner
Posts: 84
Joined: Fri Oct 30, 2009 1:21 pm

version upgrade

Post by dimxasnewfrozen »

I just upgraded to a newer version of PHP (5.2 I believe). I am noticing an issue with my includes now. The error is with: allow_url_include=0.

This is the default setting, I'm assuming, but I'm wondering how important this is and if it would be wise to disable it or set it to 1. Just looking for recommendations really.
AbraCadaver
DevNet Master
Posts: 2572
Joined: Mon Feb 24, 2003 10:12 am
Location: The Republic of Texas

Re: version upgrade

Post by AbraCadaver »

dimxasnewfrozen wrote: I just upgraded to a newer version of PHP (5.2 I believe). I am noticing an issue with my includes now. The error is with: allow_url_include=0.

This is the default setting, I'm assuming, but I'm wondering how important this is and if it would be wise to disable it or set it to 1. Just looking for recommendations really.
My opinion is, if you need it, turn it back on. The problem, as with many things in PHP, is that some coders use functions and pass non-sanitized data to them. This is probably more important to web hosting companies, to keep their users from doing stupid things or installing software that does stupid things. If you properly sanitize data all should be well, unless your server is compromised; then you have bigger problems.
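Added example, not part of any post in this thread: one way to do the sanitizing mentioned above when an include is driven by a request value, written to run on PHP 5.2 with allow_url_include=0 because only local files are ever included. The `page` parameter, the `pages` directory and the page names are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. PAGES_DIR, the 'page' parameter
// and the page names are hypothetical.

// The pattern allow_url_include=0 is meant to contain: a request value goes
// straight into include, so the client decides what gets executed.
//   include $_GET['page'] . '.php';

define('PAGES_DIR', dirname(__FILE__) . '/pages');

/**
 * Map a client-supplied page name to a file inside PAGES_DIR.
 * Returns the absolute path, or null when the name is not acceptable.
 */
function resolve_page($name, array $allowed)
{
    // 1. Allowlist: only names the application knows about. The strict
    //    comparison keeps arrays, null and numeric values from matching.
    if (!is_string($name) || !in_array($name, $allowed, true)) {
        return null;
    }

    // 2. Defence in depth: resolve symlinks and ".." and confirm the result
    //    is still inside PAGES_DIR. realpath() returns false if the file
    //    does not exist, so a missing page is rejected here as well.
    $base = realpath(PAGES_DIR);
    $path = realpath(PAGES_DIR . '/' . $name . '.php');
    if ($base === false || $path === false) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

$allowed   = array('home', 'about', 'contact');
$requested = isset($_GET['page']) ? $_GET['page'] : 'home';
$file      = resolve_page($requested, $allowed);

if ($file === null) {
    header('HTTP/1.1 404 Not Found');
    exit('Unknown page');
}
include $file;
```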
kaisellgren
DevNet Resident
Posts: 1675
Joined: Sat Jan 07, 2006 5:52 am
Location: Lahti, Finland.

Re: version upgrade

Post by kaisellgren »

I'm curious, what do you need URL-included files for?