curl-users

Re: curl and http redirects; possible security implications

From: Alex Bligh <alex_at_alex.org.uk>
Date: Wed, 21 Apr 2010 09:02:41 +0100

--On 19 April 2010 23:53:43 +0200 Daniel Stenberg <daniel_at_haxx.se> wrote:

>> How about I make '~' or something an additional prefix which ignored the
>> option if it wasn't recognised?
>
> I would not like that. There are basically two scenarios that would happen
> as I see things: 1) Nobody would use it, so there would be no gain as
> when an option is copied it fails or 2) everyone will use it and then
> there's no point in having two different ones.

I'm not sure that's true. People will in the first instance (i.e. while
testing at the command line) use it without the tilde - as that's the
natural thing to do - and get the syntax correct. When they put it in the
script, they will add the tilde.

If it's in every script, that's no bad thing (assuming the parameters
passed are constant).

>> the person who wants to use a back-compatible command line can do so
>> without parsing the output of curl -V.
>
> The point with backwards-compatible would be to _not_ break scripts and
> command lines etc that are using the option. Forcing manual edits of any
> sort breaks that idea.

Not manual edits, I mean *parsing* the output of curl -V with perl etc.,
which is obviously a lot of work, and thus undesirable.

> Do you really think misspelled existing protocol names would be such a
> big problem that a displayed warning wouldn't be enough to keep them at
> a minimum?

My worry is that people will log stderr in any sensibly written script,
and thus the next thing they will ask for is a switch to silence the
log. If we give them that, we might as well give them a switch to
turn the check off.

-- 
Alex Bligh
Received on 2010-04-21