[horde] Re: Weather.com Block question
AJ
aj at mindcrash.com
Sun Apr 3 17:57:28 PDT 2005
Thanks, do you know of a way offhand to just allow a certain script, or
worse case senario, a certain virtual host in apache to allow url_fopen,
without enabling it site wide?
Thanks.
Alan W. Rateliff, II wrote:
>>-----Original Message-----
>>From: horde-bounces at lists.horde.org
>>[mailto:horde-bounces at lists.horde.org] On Behalf Of AJ
>>Sent: Sunday, April 03, 2005 11:50 AM
>>To: horde at lists.horde.org
>>Subject: [horde] Weather.com Block question
>
>
>>The weather.com block will not work without allow_url_fopen
>>enabled in
>>the PHP configuration
>>
>>Now, this used to work w/o allow_url_fopen enabled. Can this
>>block be
>>used w/o this setting, as security folks recommend keeping it
>>disabled.
>
>
> IMHO, there are a few exceptions that can generally be made for running a
> locked (non-user modifiable) web application. Tightened security is a
> compromise that you would not want to make for user applications unless you
> trust that particular user.
>
> I would say that in this case you should be able to trust Horde enough to
> allow this function to operate. Make sure permissions on your Horde
> installation are set properly (use the set_perms.sh script) *especially* if
> it is on a system which allows user access via non-chroot'ed FTP/SSH.
>
More information about the horde
mailing list