• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
ini_set() has been disabled for security reasons

#1
Hello,

I'm developing this CI 3.0.2 website. It worked fine until my web host disabled ini_set() function. Now, I get several warning messages on the front page of my site:

Warning: ini_set() has been disabled for security reasons

It seems the function is being referenced twice in index.php and at several places in CodeIgniter.php, Session.php, Session_files_driver.php, Security.php and other files in various system folders. It is setting the display errors in index.php and doing a lot of other possibly important things in CodeIgniter.php and other system files. I can disable the error thing but not sure what to do with the other files.

My webhost has refused to enable this function. I'm not sure if this function is really a security issue. If I set the error reporting to not show even warnings, it removes all the errors but am not sure if that will set all the variables/values that this function is supposed to in all these core files.

Is there a permanent solution to this here at CI? I'm not a developer but can do minor tweaks here and there.

Many thanks.
Reply

#2
(05-29-2016, 02:52 AM)Buddy Wrote: My webhost has refused to enable this function.

Switch hosts. I've used or had to work with a lot of hosts, and never heard of one doing such a thing. If this is the kind of thing you can expect from your host, you're sure to have ongoing problems with them.

Many hosts will import your website for free. You give them your control panel login, and they do the rest. I'd call around to hosts and ask questions before switching, but you do need to switch.
Reply

#3
(05-29-2016, 08:01 AM)skunkbad Wrote: Switch hosts.

That's an eye opener, will do that. Thanks for the quick response.

However, do you think other hosts of repute that I move on to may not do so in future, if this function is really a security issue? While looking for solutions to this issue online, I read many users talking this being a security issue? Is this function really such as issue? I see CI using it in their latest release too. So, I'm a bit confused on this.
Reply

#4
(05-29-2016, 08:20 AM)Buddy Wrote:
(05-29-2016, 08:01 AM)skunkbad Wrote: Switch hosts.

That's an eye opener, will do that.  Thanks for the quick response.

However, do you think other hosts of repute that I move on to may not do so in future, if this function is really a security issue? While looking for solutions to this issue online, I read many users talking this being a security issue? Is this function really such as issue? I see CI using it in their latest release too. So, I'm a bit confused on this.

A good host will isolate you and the changes you make to your own account, so you won't be able to affect other accounts on the server. There are a lot of things that can be security issues on a host that doesn't know what they're doing.
Reply

#5
I use webhostingbuzz and they work with me in my php coding even to add a version for me.
What did you Try? What did you Get? What did you Expect?

Joined CodeIgniter Community 2009.  ( Skype: insitfx )
Reply

#6
narf posted this site recently - i know some quality hosters not on this list but it will give some places to start and a view as to which versions of php hosters are offering http://phpversions.info
Reply


Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2021 MyBB Group.