3

Is allowing dynamic extension loading dangerous for some reason?

I ask because I need it to include the pecl oauth.so extension to make the Google Adwords PHP SDK work using dl().

I've tried all other alternatives but just can't get it to work:

http://php.net/manual/en/function.dl.php

enable_dl is set to off by default inside my php.ini, I enabled it, restarted apache and it works. If it's safe to use why is it disabled by default? I'm the only user with access to the server and it will be hosting a web application.

Any advice would be helpful!

Doug Molineux
  • 423
  • 3
  • 7
  • 17
  • Why not just enable the PECL extension in php.ini? – ceejayoz Jun 24 '11 at 00:38
  • I also use the Google Analytics PHP SDK that uses the OAuth helper libraries and there is a conflict between these two libraries causing both of them to not work. I have tried renaming the OAuth helper library class-names (thinking it was a name conflict), but to no avail. I have also tried to get the Analytics code to use the extension but it simply doesn't work (fails to find the right classes). I have a question for this on stack overflow: http://bit.ly/kPu4Yv and have just reverted to using dl due to not finding an alternative, it works, I'm just worried that it was off by default :) – Doug Molineux Jun 24 '11 at 15:08

1 Answers1

1

It's disabled by default because a lot of LAMP configurations are on shared environments that might or might not like their users loading random extensions without administrators permissions.

You seem to know what you are doing, so there should be no security risk unless you will be using the same configuration on a server web server where you have untrustworthy users.

Aleksey Korzun
  • 276
  • 1
  • 4