开发者

What are the reasons behind disabling cURL for security?

开发者 https://www.devze.com 2023-04-09 05:35 出处:网络
Many hosts use to disable cURL because of \"some\" security reasons. I\'m look开发者_JAVA百科ing for these reasons. A quick google lookup didn\'t give me an in-depth information.Many infections (espe

Many hosts use to disable cURL because of "some" security reasons.

I'm look开发者_JAVA百科ing for these reasons. A quick google lookup didn't give me an in-depth information.


Many infections (especially botnet types and some admin-shell types) that abuse arbitrary code execution vulnerabilities will inject a small payload script that then uses cURL or wget to download further instructions and configuration. It may be for blocked in attempt to limit the impact of these robotic attacks.


I remember there were some bugs in cURL with PHP version but it was long time ago and all used PHP versions now have no cURL exploits


I guess, real reason is not security, but rather financial ;) Once you pay them - there is no problem with cURL anymore.

0

精彩评论

暂无评论...
验证码 换一张
取 消