I'm preparing to install the latest version of Dolphin and the software requirements state:
PHP 4.4.0/5.1.0 and higher (register_globals must be Off, safe_mode must be Off, exec() must be allowed and allow_url_fopen also must be On) with mbstring, domxml and xsl extensions (they are required to run Orca forum and support UTF-8)
I contacted my hosting provider about this and was told allow_url_fopen is off by default because turning it on creates a security risk. My hosting provider said this:
If you choose, you can change this setting in php.ini. You can turn on
the allow_url_fopen in php.ini. This opens you up for getting the site
hacked. If this happens, I can install a backup. If it happens a second
time, the site won't be allowed to host with me.
What is the consensus on this? I read some other forum posts that said to just turn it on. Does this open my site to hackers or what?