cURL / Mailing Lists / curl-users / Single Mail

curl-users

Re: curl and http redirects; possible security implications

From: Alex Bligh <alex_at_alex.org.uk>
Date: Sat, 24 Apr 2010 10:08:49 +0100

Daniel,

Did you have a think about this?

Alex

--On 21 April 2010 09:02:41 +0100 Alex Bligh <alex_at_alex.org.uk> wrote:

>
>
> --On 19 April 2010 23:53:43 +0200 Daniel Stenberg <daniel_at_haxx.se> wrote:
>
>>> How about I make '~' or something an additional prefix which ignored the
>>> option if it wasn't recognised?
>>
>> I would not like that. There's basically two scenarios that would happen
>> as I see things: 1) Nobody would use it, so there would be no gain as
>> when an option is copied it fails or 2) everyone will use it and then
>> there's no point in having two different ones.
>
> I'm not sure that's true. People will in the first instance (i.e. while
> testing at the command line) use it without the tilde - as that's the
> natural thing to do - and get the syntax correct. When they put it in the
> script, they will add the tilde.
>
> If it's in every script, that's no bad thing (assuming the parameters
> passed are constant).
>
>>> the person who wants to use a back-compatible command line can do so
>>> without parsing the output of curl -V.
>>
>> The point with backwards-compatible would be to _not_ break scripts and
>> command lines etc that are using the option. Forcing manual edits of any
>> sorts break that idea.
>
> Not manual edits, I mean *parsing* the output of curl -V with perl etc.,
> which is obviously a lot of work, and thus undesirable.
>
>> Do you really think misspelled existing protocols names would be such a
>> big problem that a displayed warning wouldn't be enough to keept them at
>> a minimum?
>
> My worry is that people will log stderr in any sensibly written script,
> and thus the next thing they will ask for is a switch to silence the
> log. If we give them that, we might as well give them a switch to
> turn the check off.
>
> --
> Alex Bligh
>
>

-- 
Alex Bligh
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ:        http://curl.haxx.se/docs/faq.html
Etiquette:  http://curl.haxx.se/mail/etiquette.html
Received on 2010-04-24