Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Any security issue to active Curl_exec()

Discussion in 'Security' started by hackboys, Nov 6, 2011.

  1. hackboys

    hackboys Active Member

    Feb 12, 2008
    Likes Received:
    Trophy Points:

    one of my customers wanted to install a Script , he confronted Below Error :

    Warning: curl_exec() has been disabled for security reasons in /home/username/public_html/functions.php on line 0

    We have already installed CURL_Exec using Apache_update in cpanel but i think our technical has disabled the function in php.ini

    Anyway i want to know is there any security risk to enable Curl_exec() ? it could be dangerous ?

    Thank You
  2. srpurdy

    srpurdy Well-Known Member

    Jun 1, 2011
    Likes Received:
    Trophy Points:
    cPanel Access Level:
    Root Administrator
    It's not really a security risk, but it can be. It's just a matter of if you want to allow your users to use the CURL library and that function is needed for it. If your using php 5.3 you can use the path feature with suhosin so only that account can use it. If your concerned with it. But curl doesn't do anything that sockets can't do so disabling curl without disabling sockets seems a bit pointless. It can increase server load if a novice programmer uses these functions in a bad way so there is a legit reason to not enable them by default.

    It can be a security risk if for example a novice uses the library in an improper way.

    For example: Creating a dynamic Restful API is much more secure than having an xml file saved and this file being accessed via curl_exec. If that file gets attacked it can be loading something bad on any site using it. Where if you have a dynamic restful api the risk is much smaller.
    #2 srpurdy, Nov 7, 2011
    Last edited: Nov 7, 2011
  3. anton_latvia

    anton_latvia Well-Known Member PartnerNOC

    May 11, 2004
    Likes Received:
    Trophy Points:
    cPanel Access Level:
    Root Administrator
    IMHO it is better to allow using CURL, instead of direct remote file opening - allow_url_fopen must always be "off".
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice