Hello all. I have a customer that purchased on of my scripts and attempted to install it on their server. This script, among other things, FTPs a text file from a central server. When we tried to run my script, it simply stops. No errors, no nothing. I talked to his host and found out that they do not allow PHP FTP because it is a security risk. ????? Ummmm, ok?
I spoke with my customer about this and below is what his web host told him. My understanding of PHP FTP is that my script opens an ftp connection from the server to another FTP server somewhere else on the internet. Basically, PHP FTP does nothing more than a program like SmartFTP or WS-FTP. Even the first line in the PHP manual about FTP says "The functions in this extension implement client access to file servers speaking the File Transfer Protocol (FTP)" Someone please tell me that I am correct and that this webhost is wrong. :) Chris >>>>>>>> I have been speaking with our linux techs, and have gained a more complete understanding of the feature in PHP that you want to use. We actually did have it enabled at one point, and it caused the server to be compromised. Essentially, it allows people on a machine to be able to transfer files from anywhere on the internet. This begs for people who want to run warez sites, and the like, to hack the server, and use it for their own illegal software stores. The level of permission required to allow this to run allows people to essentially load, and run whatever they want. This is an EXTREME security problem. I understand that you are moving, and I cannot persuade you differntly, but please take my advise and do some independant research. The individual that is advising you about this program is downplaying some real problems. It is the opinion of our techs, that if you are running this, eventaully, you WILL be hacked. There a plenty of things that can be done to ftp to a machine without that functionality running. We know that you have a number of sites, and we know that you would likely referr business. That being the case, it just doesn't make sense that we would not do this for you if it were safe, or even a minor problem. It is a big problem, not just with us, but with anyone running it on the internet. Please ask someone other than the person that is trying to sell it to you. That is all we ask. >>>>>>>> -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
