What are the reasons behind disabling cURL for security?
Many hosts use to disable cURL because of "some" security reasons.
I'm look开发者_JAVA百科ing for these reasons. A quick google lookup didn't give me an in-depth information.
Many infections (especially botnet types and some admin-shell types) that abuse arbitrary code execution vulnerabilities will inject a small payload script that then uses cURL
or wget
to download further instructions and configuration. It may be for blocked in attempt to limit the impact of these robotic attacks.
I remember there were some bugs in cURL with PHP version but it was long time ago and all used PHP versions now have no cURL exploits
I guess, real reason is not security, but rather financial ;) Once you pay them - there is no problem with cURL anymore.
精彩评论