cURL / Mailing Lists / curl-users / Single Mail


Re: curl security

From: Dan Fandrich <>
Date: Thu, 8 Jun 2006 15:49:46 -0700

On Thu, Jun 08, 2006 at 10:23:02PM +0000, Joel Keeble wrote:
> when using curl is there any security problem with get compared with post?
> because a browser is not used.
> when a browser is used get will append the submitted info to the end of the
> url - my theory is no browser no security issue with get. is this correct?

You have to be more clear on what you're asking. If you're talking about
security vulnerabilities in curl due to things like buffer overflows, then
theoretically there could be different issues in the GET code path vs. the
POST code path but one is not inherently safer than the other. If you're
talking about things information leakage in logs, then GET would be safer
because the parameters are more likely to be logged than POST parameters.
There are probably a dozen other ways to interpret your question.

>>> Dan

--              The web change of address service
          Let webmasters know that your web site has moved
Received on 2006-06-09