1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

curl enable - security risk?

Discussion in 'Security' started by Dzonny, Feb 18, 2012.

  1. #1
    Hello there.

    In my php.ini file i have:
    disable_functions = exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,show_source
    
    Code (markup):
    For some script that i would like to use (weather plugin, and one RSS script) i need curl enabled, so i guess that i should just remove "curl_exec,curl_multi_exec" code from php.ini file. I was told that it would be a security risk to do so, and i'm not sure if thats correct?

    I'm using CentOS if that matters.

    Regards,
    Dzonny
    SEMrush
     
    Dzonny, Feb 18, 2012 IP
    SEMrush
  2. SolidShellSecurity

    SolidShellSecurity Banned

    Messages:
    262
    Likes Received:
    3
    Best Answers:
    1
    Trophy Points:
    45
    #2
    You are going to break a lot of scripts if you block curl functions. If you are worried about getting hacked by PHP functions, then you need to have your server properly secured.
     
    SolidShellSecurity, Feb 18, 2012 IP
  3. Dzonny

    Dzonny Greenhorn

    Messages:
    22
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    11
    #3
    curl is blocked now, so that's why those scripts which i need don't work i guess.
    Can you please be more specific about server security about i should pay attention to?

    Thanks.
     
    Dzonny, Feb 19, 2012 IP
  4. forumhookers

    forumhookers Peon

    Messages:
    77
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #4
    Most of the script which runs on perl need curl to be enabled, for example filehosting script need curl enabled!
     
    forumhookers, Feb 19, 2012 IP
  5. StormInternet

    StormInternet Peon

    Messages:
    46
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    0
    #5
    If curl is must for your web site then you can enable specific to that web site keeping server wide disabled.
    You can enable curl by adding it in php.ini file in web root of your web site
     
    StormInternet, Feb 26, 2012 IP
  6. samirj09

    samirj09 Well-Known Member

    Messages:
    335
    Likes Received:
    8
    Best Answers:
    0
    Trophy Points:
    125
    #6
    Correct, leaving curl disabled will break many scripts.
     
    samirj09, Feb 26, 2012 IP