Forum Moderators: coopster
At first, the banner doesn't show. The banner only show up when my host enabled "Allow_url". I was told it was disabled by default due to security issues. I'd like to know what kind of security risks I face by enabling "allow_url".
Thank you.
Because you have no control over this external content, someone could swap the file on the external website for some malicious code and use it to damage your website, spread malware, almost anything!
I would side with your hosting company and agree that this should not be turned on. I would find another way to include this code into your website. If it is just HTML you're including, use file_get_contents() [uk2.php.net].
"allow_url" means that a PHP file can be included into your script from an external website.Because you have no control over this external content, someone could swap the file on the external website for some malicious code and use it to damage your website, spread malware, almost anything!
I would side with your hosting company and agree that this should not be turned on. I would find another way to include this code into your website. If it is just HTML you're including, use file_get_contents().
Do you mean ANYBODY could swap my files, or just specified people (like my advertisers) could swap the files. In my file, there's a PHP banner script. The script has specified which domain to fetch the ads from.
Basically, allow_url is a no no unless you really really need it.
