Results 1 to 3 of 3
-
11-20-2009, 11:10 AM #1Junior Guru
- Join Date
- Apr 2009
- Posts
- 215
Joomla - ini_set enabled is security risk
Hello,
The function "ini_set", according to CSF (ConfigServer Security & Firewall) poses a security threat (not sure exactly how) but it seems that Joomla! needs it enabled to run.
is there a way to tweak Joomla! in order to have it run with ini_set disabled?
Thank you.
-
11-20-2009, 11:20 AM #2Web Hosting Master
- Join Date
- Jan 2002
- Location
- Home, chair
- Posts
- 723
Well, you can open session.php file and find:
ini_set(
replace it with:
@ini_set(
that will mute the warning errors you receive.Last edited by phpdeveloper; 11-20-2009 at 11:20 AM. Reason: spelling
-
11-20-2009, 11:22 AM #3Web Hosting Master
- Join Date
- Apr 2002
- Posts
- 1,789
I have seen scripts before, I can't remember if it was Joomla or not, that just called ini_set without looking to see if the values it was wanting to set were already set.
If this is what Joomla is doing, then I would propose that they modify their script to perform this check. Instead of forcing an ini_set of a variable, check the variable first and see if it is already set to the desired value. If it's not, then issue an ini_set() call.
Similar Threads
-
Will any of this become a security risk?
By themuggle in forum Hosting Security and TechnologyReplies: 3Last Post: 11-11-2008, 10:01 PM -
Joomla Security / Linux Security Question
By barleyct in forum Hosting Security and TechnologyReplies: 10Last Post: 04-06-2008, 03:39 AM -
Security Risk?
By winterk80 in forum Hosting Security and TechnologyReplies: 11Last Post: 10-19-2006, 12:03 AM -
security risk
By BalAncE in forum Hosting Security and TechnologyReplies: 2Last Post: 07-16-2003, 08:52 PM