Any security issue to active Curl_exec()

hackboys

Active Member
Feb 12, 2008
34
2
58
Hello!

one of my customers wanted to install a Script , he confronted Below Error :

Warning: curl_exec() has been disabled for security reasons in /home/username/public_html/functions.php on line 0

We have already installed CURL_Exec using Apache_update in cpanel but i think our technical has disabled the function in php.ini

Anyway i want to know is there any security risk to enable Curl_exec() ? it could be dangerous ?

Thank You
 

srpurdy

Well-Known Member
Jun 1, 2011
101
0
66
cPanel Access Level
Root Administrator
It's not really a security risk, but it can be. It's just a matter of if you want to allow your users to use the CURL library and that function is needed for it. If your using php 5.3 you can use the path feature with suhosin so only that account can use it. If your concerned with it. But curl doesn't do anything that sockets can't do so disabling curl without disabling sockets seems a bit pointless. It can increase server load if a novice programmer uses these functions in a bad way so there is a legit reason to not enable them by default.

It can be a security risk if for example a novice uses the library in an improper way.

For example: Creating a dynamic Restful API is much more secure than having an xml file saved and this file being accessed via curl_exec. If that file gets attacked it can be loading something bad on any site using it. Where if you have a dynamic restful api the risk is much smaller.
 
Last edited: