I'm at a bit of a standstill with my server admin. I'm installing litecommerce, an e-commerce application that requires open_basedir to either be set specifically to Curl or OpenSSL or to null. At present, the setting is set to a tmp directory.
I cannot successfully install litecommerce till this gets resolved.
My questions are:
Is there a way around this? Don't have access to php.ini or httpd.conf.
Is this really a major security flaw like my admin is stating?
Does disabling affect the entire server and all its websites or just the website in question?
Does setting it specifically to Curl or OpenSSL pose a greater security threat than that of having it point to tmp?
For what its worth, i have successfully installed LiteCommerce on shared environments and dedicated environments and this has never been an issue. Even WordPress and other large scale web applications run with it open or pointed to something other than 'tmp'.
Why so much resistance?
Thanks for the advanced insight.