symbulos partners wrote:
We would like to know about security issues with curl, before installing it.
If you're talking about curl extension used from PHP scripts, read on.
If bad guys can use curl PHP extension via some security hole in your scripts,
this mean they can make HTTP requests (GET, POST) from your server.
Same if you use the HTTP_Request Pear class, or (bad idea) if you use
something like allow_url_fopen = true in your php.ini.
Security issues generally comes from badly written PHP scripts
(I mean scripts not written with security in mind from the beginning).
But I know there are smart ppl knowing about security on this list,
they will be able to tell you more than me ;-)
Ex The PHP Security Workbook:
http://shiflett.org/php-security.pdf
Christophe
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
