cURL / Mailing Lists / curl-users / Single Mail

curl-users

Re: curl and http redirects; possible security implications

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Mon, 19 Apr 2010 23:53:43 +0200 (CEST)

On Mon, 19 Apr 2010, Alex Bligh wrote:

>>
>> Of course, a downside would be that a misspelled protocol isn't detected.
>> Perhaps it is enough if we use warnf() to inform about unknown protocols
>> that are mentioned?
>
> How about I make '~' or something an additional prefix which ignored the
> option if it wasn't recognised?

I would not like that. There's basically two scenarios that would happen as I
see things: 1) Nobody would use it, so there would be no gain as when an
option is copied it fails or 2) everyone will use it and then there's no point
in having two different ones.

> the person who wants to use a back-compatible command line can do so without
> parsing the output of curl -V.

The point with backwards-compatible would be to _not_ break scripts and
command lines etc that are using the option. Forcing manual edits of any sorts
break that idea.

Do you really think misspelled existing protocols names would be such a big
problem that a displayed warning wouldn't be enough to keept them at a
minimum?

-- 
  / daniel.haxx.se
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ:        http://curl.haxx.se/docs/faq.html
Etiquette:  http://curl.haxx.se/mail/etiquette.html
Received on 2010-04-19