开发者

What are the reasons behind disabling cURL for security?

Many hosts use to disable cURL because of "some" security reasons.

I'm look开发者_JAVA百科ing for these reasons. A quick google lookup didn't give me an in-depth information.


Many infections (especially botnet types and some admin-shell types) that abuse arbitrary code execution vulnerabilities will inject a small payload script that then uses cURL or wget to download further instructions and configuration. It may be for blocked in attempt to limit the impact of these robotic attacks.


I remember there were some bugs in cURL with PHP version but it was long time ago and all used PHP versions now have no cURL exploits


I guess, real reason is not security, but rather financial ;) Once you pay them - there is no problem with cURL anymore.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜