user351657
Reputation: 351
Security of this cURL code
Although "slightly" related to a previous question, it is different. How "secure" is this code in terms of cURL? Are there any other "bits" that should/ought to be added. Note it is not being used to pass "sensitive" info.
$ch = curl_init("http://www.example.com/test.xml");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HEADER, 0);
$data = curl_exec($ch);
curl_close($ch);
Upvotes: 0
Views: 129
Answers (1)
berkes
Reputation: 27553
Few things to note:
- You should try/catch in case the http://www.example.com/test.xml gives an error, such as 404 or 500. In that case you probably want to raise a fatal error or have it dealt with in your app.
- You should calculate the amount of data coming over the line. What if example.com decides (or is broken into) and test.xml becomes several gigabytes large? You app needs to deal with this, somehow.
- You probably want to include some 30X header/ redirect logic. curl does follow a redirect, but in that case, you probably want the redirect logged so you can take measures in your app (change the location to the new location)
- You should make very sure that curl_close() is always called. In case of fatal errors, memory overflowing and so on, you certainly don't want these sockets to remain opened.
Your code is not insecure, nor is it wrong. It just does not handle edge-cases and could be hardened.
Upvotes: 1
Related Questions
- Security of fetching a url content in php
- Is PHP CURL Safe to access a possible malicious site?
- Using Curl in PHP
- Is this code safe against being run from another server
- How safe is a curl function from being sniffed?
- CURL usages in PHP
- PHP cURL - Security When Processing Credit Card Transaction
- PHP: Security when using CURL?
- Regarding PHP CURL
- PHP curl question