I am working on implementation of php/java bridge on a linux server.
One of the main requirement for this to work is including tomcat's url in php's require_once() function. I understand I can do this by turning on the allow_url_include in php.ini file. However, I am worried about the security.
- Is there anyway I can restrict the require_once() to localhost or specific urls only?
- Or, any other workaround that you may know?
I am using apache2.x (php5) on localhost
Tomcat url on port 8080, so http: //localhost:8080/JavaBridge. (On Debian 6.0.4(Squeeze))
EDIT: The url I am trying to include is php/java bridge library. The contents looks like this in the regular browser: http://pastebin.com/Kk9qCkMV
You could try ...