claroline php security information?

Status
Not open for further replies.
C

chadm

New Member
Messages
16
Reaction score
0
Points
0
Hi,

I get some php security warnings and notices when accessing claroline - php security information like:


allow_url_fopenallow_url_fopen is enabled. This could be a serious security risk. You should disable allow_url_fopen and consider using the PHP cURL functions instead. allow_url_fopenallow_url_fopen is enabled. This could be a serious security risk. You should disable allow_url_fopen and consider using the PHP cURL functions instead. allow_url_fopenallow_url_fopen is enabled. This could be a serious security risk. You should disable allow_url_fopen and consider using the PHP cURL functions instead. allow_url_fopen is enabled. This could be a serious security risk. You should disable allow_url_fopen and consider using the PHP cURL functions instead.

Are these issues related to php on server? Is there any way to fix these security vulnurabilitries?

Please advise.

Thanks,

Amit
 
descalzo

descalzo

Grim Squeaker
Community Support
Messages
9,373
Reaction score
326
Points
83
Exactly what do you feel the security problem is?

Yes, allow_url_fopen is enabled. But most, if not all functions that rely on allow_url_fopen and are security risks are disabled. There are some functions that rely on allow_url_fopen and are not security risks.
 
C

chadm

New Member
Messages
16
Reaction score
0
Points
0
descalzo said:
Exactly what do you feel the security problem is?

Yes, allow_url_fopen is enabled. But most, if not all functions that rely on allow_url_fopen and are security risks are disabled. There are some functions that rely on allow_url_fopen and are not security risks.
Click to expand...


Well I am simply testing a new application here and the error mesages are a part of Claroline script.

At the moment there is no issue, but since its a potential threat, I want to make sure that if I decide to go live with this project, it is safe enough to do so. The application itself is good enough to tell the security risks involved, but it appears that it is issue with server side php settings.

I would or someone who is using this system would rather freak out to see such security messages at the first place.

Definately one would like to have these security issues resolved before going live.

Any comments are highly appreciated.

Thanks and regards,

Amit
 
Status
Not open for further replies.
Top