cURL / Mailing Lists / curl-library / Single Mail


Re: Possible harm caused by using cURL on other people's websites.

From: Guenter <>
Date: Mon, 23 Aug 2010 23:06:42 +0200

Hi Ryan,
Am 23.08.2010 22:16, schrieb Gloves 12:
> Maybe I'm being overly cautions. But I know that, even though I
> work hard at making them good, some of my cURL calls are not exactly
> the same as their browser counterparts. I'm wondering if anyone else
> has ever considered this, or knows anything more about it (like "yes,
> we all worry about this a ton, you need to be testing your cURL
> statements a lot better" or "no, these never matter - it's really rare
> that even a terribly sloppy cURL call would ever harm a website").
> Thanks for any thoughts or advice!
well, it sounds to me that you fear too much. If things like what you
describe happen then most likely you discovered a security leak of a
remote server, otherwise all remote servers are prepared (or should be)
to receive any request, and in case of a bad one to reject it. Sure
almost every traffic gets logged, but a skilled admin has no problem to
distinguish between bad requests and real server probs.
Unless you go and *hammer* on remote servers (means to send few 1000
requests in shor time) I think you can do no harm.
If you want to make your work better then I suggest you ty to understand
the 'other side' a bit more: go and install an own Apache server on your
machine (free software, and for almost every platform available) which
is the server you deal in about 70% of all remote servers; make requests
to your own Apache, and read the error and access logs; that will make
you learn how a server behaves, and probably also how you can make your
code better.


BTW. such a question might fit better on the curl user list rather than
here on the developer list.

List admin:
Received on 2010-08-23