cURL / Mailing Lists / curl-and-php / Single Mail

curl-and-php

Re: Php cURL Security

From: Tom Worster <fsb_at_thefsb.org>
Date: Wed, 17 Nov 2010 09:42:46 -0500

You need HTTPS. If the data is sensitive then you should not use
CURLOPT_SSL_VERIFYPEER=false because that would make it easy for an
impostor to pretend to be the authentic peer.

Check this out:

http://unitstep.net/blog/2009/05/05/using-curl-in-php-to-access-https-ssltl
s-protected-sites/

On 11/17/10 12:20 AM, "Charbel Zeaiter" <shadow_meld_at_hotmail.com> wrote:

>
>Hi
>
>I need help.
>I have been looking all over the Internet and
> posting questions in forums, but so far i have just been confused and
>lost due to conflicting posts and poor documentation.
>
>I am using
>cURL as a php extension in order to post sensitive data to a server. My
>question is, how secure is this, can anyone intercept, read or change
>the data in transmission?
>On some posts people have told me to use https, but i have no idea how
>to do this or where to start. I realize i might need to use SSL
>certificates but i am unsure of many things,
>
>is it as simple as posting the data to a HTTPs URL "https://www.
><https://www./>....", or using the curl set options:
>
>curl_setopt - CURLOPT_SSLCERT
>OR
>curl_setopt - CURLOPT_SSLCERTPASSWD
>
>?
>
>so far my request consists of :
>
> $ch = curl_init();
> curl_setopt($ch, CURLOPT_URL, "URL");
> curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
> curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);
> curl_setopt($ch, CURLOPT_HEADER, false);
> curl_setopt($ch, CURLOPT_POST, TRUE);
> curl_setopt($ch, CURLOPT_POSTFIELDS, $String);
> curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
>
>
>Any advice will be greatly appreciated . thank you .
> _______________________________________________
>http://cool.haxx.se/cgi-bin/mailman/listinfo/curl-and-php

_______________________________________________
http://cool.haxx.se/cgi-bin/mailman/listinfo/curl-and-php
Received on 2010-11-17