Elxis CMS Forum

Support => Security => Topic started by: soso on September 10, 2008, 23:20:53

Title: only two alert
Post by: soso on September 10, 2008, 23:20:53

 my site is almost  ready, but i see two security alert  1.Alert PHP displays errors 2.Alert PHP allows openning remote files..i want know this problems is very improtant? or can i open site? if this problems very improtant, what can i do?

Title: Re: only two alert
Post by: datahell on September 11, 2008, 00:03:28

About these alerts:
To display errors is not a security warning but we consider this as an alert as error messages may give hackers some information about your system (or info while they check various hacking methods on a site). So better dont display errors. You can set your php to log errors instead.

If allow_url_fopen is enabled then this is a major security thread. In some server enviroments this seems like it is enabled while it is actualy not as an other security mechanism might block this (like safe mode or open base dir). So make sure this php derective is indeed enabled and if yes contact your hosting provider to disable it. In most modern servers this is disabled. Today applications (including Elxis) dont need this enabled to work.

Title: Re: only two alert
Post by: soso on September 11, 2008, 00:31:20

thanks for fast answer :) i check system info "Safe Mode: OFF" Open basedir:     /home/mysite:/usr/lib/php:/php:...........lib/php:/tmp" :-[ open basedir  is normal? problem is  "allows openning remote files"..  "allow_url_fopen" is my old problem i solved it.again tahnks for your help.