Although slightly related to a previous question, it is different. How secure is this

Question

0

Asked: May 16, 20262026-05-16T06:20:27+00:00 2026-05-16T06:20:27+00:00

Although slightly related to a previous question, it is different. How secure is this

0

Although “slightly” related to a previous question, it is different. How “secure” is this code in terms of cURL? Are there any other “bits” that should/ought to be added. Note it is not being used to pass “sensitive” info.

$ch = curl_init("http://www.example.com/test.xml");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HEADER, 0);
$data = curl_exec($ch);
curl_close($ch);

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-16T06:20:28+00:00

Few things to note:

You should try/catch in case the http://www.example.com/test.xml gives an error, such as 404 or 500. In that case you probably want to raise a fatal error or have it dealt with in your app.
You should calculate the amount of data coming over the line. What if example.com decides (or is broken into) and test.xml becomes several gigabytes large? You app needs to deal with this, somehow.
You probably want to include some 30X header/ redirect logic. curl does follow a redirect, but in that case, you probably want the redirect logged so you can take measures in your app (change the location to the new location)
You should make very sure that curl_close() is always called. In case of fatal errors, memory overflowing and so on, you certainly don’t want these sockets to remain opened.

Your code is not insecure, nor is it wrong. It just does not handle edge-cases and could be hardened.

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

Although slightly related to a previous question, it is different. How secure is this

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply