joomla and allow_url_fopen [closed]
Posted
by
liz
on Stack Overflow
See other posts from Stack Overflow
or by liz
Published on 2012-12-19T01:48:10Z
Indexed on
2012/12/19
23:03 UTC
Read the original article
Hit count: 266
so i have been reading of the pros and cons of allowing: allow_url_fopen. but i am still confused. after a recent hacking incident (which i believe had nothing to do with allow_url_fopen) my host turned allow_url_fopen off.
so the thing i dont get is, in joomla 2.5.x there is an updating feature.you can search for new versions and be notified if things are out of date. there is a big security hole if joomla or its extensions get out of date. But the catch it needs allow_url_fopen turned on.
so why did joomla build a security risk into a feature to improve security??is it okay to turn allow_url_fopen on and have the updating feature?
to clarify: my question is. i have Joomla installed. I have CURl installed. when i run the discover updates through NATIVE joomla i get a request for fopen. shouldn't i not need to enable a security risk? i am running version 2.5.8 of joomla.
© Stack Overflow or respective owner