Turn on the allow_url_fopen in php.ini???

I'm preparing to install the latest version of Dolphin and the software requirements state:

PHP 4.4.0/5.1.0 and higher (register_globals must be Off, safe_mode must be Off, exec() must be allowed and allow_url_fopen also must be On) with mbstring, domxml and xsl extensions (they are required to run Orca forum and support UTF-8)

I contacted my hosting provider about this and was told allow_url_fopen is off by default because turning it on creates a security risk. My hosting provider said this:


If you choose, you can change this setting in php.ini. You can turn on the allow_url_fopen in php.ini.  This opens you up for getting the site hacked. If this happens, I can install a backup. If it happens a second time, the site won't be allowed to host with me.

What is the consensus on this? I read some other forum posts that said to just turn it on. Does this open my site to hackers or what?

Quote · 11 Sep 2008

We need in 'allow_url_fopen' just for allowing of registration of your site, not more.

Your site must be allowed send and get data from boonex site.

Quote · 12 Sep 2008
 
 
Below is the legacy version of the Boonex site, maintained for Dolphin.Pro 7.x support.
The new Dolphin solution is powered by UNA Community Management System.