--- Christopher Ditty <[EMAIL PROTECTED]> wrote:
> This script, among other things, FTPs a text file from a central server.
> When we tried to run my script, it simply stops.  No errors, no nothing.
> I talked to his host and found out that they do not allow PHP FTP because
> it is a security risk.

This is probably just a lot of miscommunication. My initial guess is that you
are talking about running an FTP client, and they are talking about running an
FTP server.

For them to allow PHP's FTP extension, they would need to configure PHP with
the --enable-ftp flag as described here:

http://www.php.net/manual/en/ref.ftp.php

They may not have done this, and your script would exit with an error similar
to the following:

Fatal error: Call to undefined function:  ftp_connect()...

Are you sure there are no errors? I am assuming you viewed the source, not just
the browser's rendered page.

If you are using fopen() to retrieve a file via FTP, it is possible that your
host uses the --disable-url-fopen-wrapper flag to disable this. This is
generally done to protect the inexperienced developers who may use these
functions with unvalidated client data, opening themselves to security risks.

> I have been speaking with our linux techs, and have gained a more complete
> understanding of the feature in PHP that you want to use.  We actually did
> have it enabled at one point, and it caused the server to be compromised.

This sounds like they are thinking about an FTP server.

> Essentially, it allows people on a machine to be able to transfer files from
> anywhere on the internet.  This begs for people who want to run warez sites,
> and the like, to hack the server, and use it for their own illegal software
> stores.  The level of permission required to allow this to run allows people
> to essentially load, and run whatever they want.  This is an EXTREME security
> problem.

This demonstrates that they have no idea what they are talking about and have
been scared by stories of security vulnerabilities found in FTP servers (such
as WU-FTP). By their logic, if Apache had security vulnerabilities, it would be
best to not allow people to run Mozilla.

> It is the opinion of our techs, that if you are running this, eventually,
> you WILL be hacked.  There are plenty of things that can be done to ftp to a
> machine without that functionality running.

There seems to be too much confusion going on here for these people to be Web
hosts. You're probably wise to be leaving anyway.

Chris

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
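
Added example, not part of the original message or of the poster's script: a PHP check for which FTP client mechanisms the build offers (the --enable-ftp extension and the fopen() URL wrapper discussed above), plus a fetch that validates its input instead of passing client data through. The host name, login, directory and sample file names are placeholders made up for illustration.

```php
<?php
// Added example: host name, login and directory are placeholders.
error_reporting(E_ALL);
ini_set('display_errors', '1'); // show the fatal error instead of a blank page
const ALLOWED_HOSTS = ['ftp.example.com']; // assumption: the one central server
const LOCAL_DIR = '/tmp';                  // assumption: where the file is stored

// Which FTP *client* mechanisms does this PHP build offer?
function ftp_client_support(): array {
    return [
        'ftp_extension' => function_exists('ftp_connect'),
        'url_fopen'     => filter_var(ini_get('allow_url_fopen'), FILTER_VALIDATE_BOOLEAN),
        'ftp_wrapper'   => in_array('ftp', stream_get_wrappers(), true),
    ];
}

// Accept a plain file name only: no directories, no URL schemes, no leading dot.
function safe_remote_name(string $name): ?string {
    return preg_match('/\A[A-Za-z0-9_][A-Za-z0-9._-]{0,63}\z/', $name) === 1 ? $name : null;
}

// Fetch one file from an allow-listed server; every failure raises an exception.
function fetch_file(string $host, string $name): string {
    $remote = safe_remote_name($name);
    if ($remote === null || !in_array($host, ALLOWED_HOSTS, true)) {
        throw new InvalidArgumentException('host or file name not allowed');
    }
    if (!function_exists('ftp_connect')) {
        throw new RuntimeException('FTP extension missing (PHP built without --enable-ftp)');
    }
    $conn = ftp_connect($host, 21, 10);
    if ($conn === false) {
        throw new RuntimeException("cannot connect to $host");
    }
    try {
        $local = LOCAL_DIR . '/' . $remote;
        if (!ftp_login($conn, 'anonymous', 'nobody@example.com') || !ftp_pasv($conn, true)
            || !ftp_get($conn, $local, $remote, FTP_BINARY)) {
            throw new RuntimeException("transfer of $remote failed");
        }
        return $local;
    } finally {
        ftp_close($conn);
    }
}

echo var_export(ftp_client_support(), true), "\n";
foreach (['prices.txt', '../../etc/passwd', 'ftp://other.example/x'] as $candidate) { // constructed inputs
    echo $candidate, ': ', safe_remote_name($candidate) === null ? 'rejected' : 'accepted', "\n";
}
```

The script as written only reports build support and validates the constructed names; fetch_file() is defined but not called, so nothing is transferred until it is invoked with an allow-listed host.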
