[horde] Re: Weather.com Block question

Alan W. Rateliff, II lists at rateliff.net
Sun Apr 3 16:37:17 PDT 2005


> -----Original Message-----
> From: horde-bounces at lists.horde.org 
> [mailto:horde-bounces at lists.horde.org] On Behalf Of AJ
> Sent: Sunday, April 03, 2005 11:50 AM
> To: horde at lists.horde.org
> Subject: [horde] Weather.com Block question

> The weather.com block will not work without allow_url_fopen 
> enabled in 
> the PHP configuration
> 
> Now, this used to work w/o allow_url_fopen enabled.  Can this 
> block be 
> used w/o this setting, as security folks recommend keeping it 
> disabled.

IMHO, there are a few exceptions that can generally be made for running a
locked (non-user modifiable) web application.  Tightened security is a
compromise that you would not want to make for user applications unless you
trust that particular user.

I would say that in this case you should be able to trust Horde enough to
allow this function to operate.  Make sure permissions on your Horde
installation are set properly (use the set_perms.sh script) *especially* if
it is on a system which allows user access via non-chroot'ed FTP/SSH.

-- 
       Alan W. Rateliff, II        :       RATELIFF.NET
 Independent Technology Consultant :    alan2 at rateliff.net
      (Office) 850/350-0260        :  (Mobile) 850/559-0100
-------------------------------------------------------------
[System Administration][IT Consulting][Computer Sales/Repair]

 



More information about the horde mailing list