Peacebringers

Recently I figured I’d peek at phpBB’s site, and fell on to their recently posted topic regarding their plans for the next version of phpBB, 3.0.6. Considering all the new things they’ll be adding, I’m surprised this release isn’t going to be version 3.1.0. The next version will support load balanced high availability systems, new caching mechanisms, or no cache at all. Additionally they’ll be adding in a new captcha code module to allow a better variety of captcha types. Their article is an interesting read, and if you use phpBB and wish it had some options that compare at least slightly to vBulletin, this is a step in that direction in my opinion.

http://www.phpbb.com/blog/2009/06/10/phpbb-306-plans/

Peace.

So one of a few webhosts I use decided to disable PHP’s readfile() function. Now I have a reason to dislike them. Why do people assume readfile() is a security benefit when disabled? Let’s just disable half of PHP’s core functions, you know… the ones used to manipulate files, send/receive data across the web like xml-rpc (which would kill blogs like this one), etc. While XML-RPC has always been a subject of heated discussion as some people, (even myself in the past) believe “RPC” to be exactly like native Linux RPC. Education … please?

So I was faced with a disabled readfile() which Gallery uses to display random remote images from it’s array of images stored in your personal gallery. Overall, it’s touchy on Gallery’s past history of security flaws, but they’ve released updates and fixes as they’re made aware. And still, readfile() gets the rap, and gets disabled.

How to overcome it? It was easy, but involved more lines of code without readfile(). Here’s how:
(continue reading…)