joomla and allow_url_fopen [closed]

Posted by liz on Stack Overflow See other posts from Stack Overflow or by liz
Published on 2012-12-19T01:48:10Z Indexed on 2012/12/19 23:03 UTC
Read the original article Hit count: 266

Filed under:
|
|

so i have been reading of the pros and cons of allowing: allow_url_fopen. but i am still confused. after a recent hacking incident (which i believe had nothing to do with allow_url_fopen) my host turned allow_url_fopen off.

so the thing i dont get is, in joomla 2.5.x there is an updating feature.you can search for new versions and be notified if things are out of date. there is a big security hole if joomla or its extensions get out of date. But the catch it needs allow_url_fopen turned on.

so why did joomla build a security risk into a feature to improve security??is it okay to turn allow_url_fopen on and have the updating feature?

to clarify: my question is. i have Joomla installed. I have CURl installed. when i run the discover updates through NATIVE joomla i get a request for fopen. shouldn't i not need to enable a security risk? i am running version 2.5.8 of joomla.

© Stack Overflow or respective owner

Related posts about php

Related posts about security