Chris, Did you read the rest of the message? It sounds like the web host is saying that someone can access PHP FTP from an outside server and hack into the server.
I am not trying to start a debate on whether or not people should send passwords and userids over plain text. Yes, that is a security risk. My concern is that this webhost is telling my customer that PHP FTP itself is a security risk when it does nothing more than act like ws-ftp. >>> "Chris Wesley" <[EMAIL PROTECTED]> 02/11/03 02:22PM >>> On Tue, 11 Feb 2003, Chris Wesley wrote: > On Tue, 11 Feb 2003, Christopher Ditty wrote: > > > errors, no nothing. I talked to his host and found out that they do > > not allow PHP FTP because it is a security risk. ????? Ummmm, ok? > > That said ... FTP is a protocol; there's nothing stopping you from > opening a socket and talking FTP back & forth across it (unless your host > has disabled fsockopen() too). If you know the protocol, you probably > know how and why to avoid its security concerns. > > Other options: Move to a less security-minded hosting provider (looks > like you've already started that), or ask the FTP server admin to provide > download access to your file via HTTP. You might find this interesting too -- straight from Example 1 for fopen() in the PHP manual: http://www.php.net/manual/en/function.fopen.php $handle = fopen ("ftp://user:[EMAIL PROTECTED]/somefile.txt", "w"); b.careful ... g.luck, ~Chris -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php