PHP CURL是否可以安全访问可能的恶意网站? [英] Is PHP CURL Safe to access a possible malicious site?
问题描述
我将实现一个代码,该代码将对URL进行CURL请求,以检查它是40x还是50x的网页.但我担心的是,我的用户输入了恶意URL.PHP CURL库如何安全地处理此问题?PHP CURL是否还会遇到与Web浏览器相同的漏洞?
I am about to implement a code that will be doing a CURL request to a URL to check whether it is a 40x or 50x webpage. but my worry is when my user entered a malicious URL. How safe PHP CURL library can handle this? is PHP CURL will also encounter some exploits same to a web browser?
推荐答案
As any other software curl is not perfect and it has its own bugs and security risks. But since CURL doesn't interpret the results, ie. doesn't parse html or javascript, the surface of attack is much smaller. In short, it's much safer than a web browser. Most of the security risks are related to bad programmers that exploit the servers they use to run curl more than end-users.
风险很小,有人可以提供专门设计用于利用CURL的URL,然后再提供您的网站.您的机制也有可能被用来伤害他人,这是极不可能的风险.例如,它可以通过强制多次检查特定页面来淹没其他人.但是这些风险很小,主要是系统管理员负责,可以监视整个系统的使用资源并捕获不良行为.
There is a small risk that somebody could supply a url specifically engineered to exploit CURL and then your site. There is also the improbable risk that your mechanism could be used to harm other people. For instance it could be used to flood other people, by forcing the check of a specific page multiple times. But these are very small risks and are mainly the domain of system administrators, that could monitor usage resources of the whole system and catch bad behaviour.
作为一名程序员,您可能应该检查一下显而易见的内容:请求不应持续大量时间,URL不应太
As a programmer you should probably check the obvious: the request shouldn't continue for a lot of time, the url shouldn't be too long, etc. But you can't really do much else.
这篇关于PHP CURL是否可以安全访问可能的恶意网站?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
