Results 1 to 3 of 3
  1. #1

    Joomla - ini_set enabled is security risk

    Hello,
    The function "ini_set", according to CSF (ConfigServer Security & Firewall) poses a security threat (not sure exactly how) but it seems that Joomla! needs it enabled to run.

    is there a way to tweak Joomla! in order to have it run with ini_set disabled?

    Thank you.

  2. #2
    Join Date
    Jan 2002
    Location
    Home, chair
    Posts
    723
    Well, you can open session.php file and find:

    ini_set(

    replace it with:

    @ini_set(

    that will mute the warning errors you receive.
    Last edited by phpdeveloper; 11-20-2009 at 11:20 AM. Reason: spelling

  3. #3
    Join Date
    Apr 2002
    Posts
    1,789
    I have seen scripts before, I can't remember if it was Joomla or not, that just called ini_set without looking to see if the values it was wanting to set were already set.

    If this is what Joomla is doing, then I would propose that they modify their script to perform this check. Instead of forcing an ini_set of a variable, check the variable first and see if it is already set to the desired value. If it's not, then issue an ini_set() call.

Similar Threads

  1. Will any of this become a security risk?
    By themuggle in forum Hosting Security and Technology
    Replies: 3
    Last Post: 11-11-2008, 10:01 PM
  2. Joomla Security / Linux Security Question
    By barleyct in forum Hosting Security and Technology
    Replies: 10
    Last Post: 04-06-2008, 03:39 AM
  3. Security Risk?
    By winterk80 in forum Hosting Security and Technology
    Replies: 11
    Last Post: 10-19-2006, 12:03 AM
  4. security risk
    By BalAncE in forum Hosting Security and Technology
    Replies: 2
    Last Post: 07-16-2003, 08:52 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •