On Fri, 15 Aug 2025, cyber security via curl-users wrote:
└─$ curl https://httpbin.org --ftp-account "anonymous"
That would suddenly make curl command lines across the world that have worked fine for decades suddenly return error instead of doing what they have been doing for a long time.
What about this command line? curl https://httpbin.org --ftp-account "anonymous" ftp://ftp.funet.fi/ Is that option right or wrong? It is also quite common for people writing scripts that would do: if [ condition ] URL="https://httpbin.org"; else URL="ftp://ftp.funet.fi/"; fi curl $URL --ftp-account "anonymous"Not to mention how users can put such an option in their .netrc now and have it used when it needs to and just not used when the protocol doesn't use it.
So in general this recommended reject invalid options and validate input make curl more better and user friendly tool bad is ignore silently
It doesn't exactly "ignore silently". It's just that it never gets used if the protocol doesn't use the thing the option controls.
and using this make also improve security
How does it improve sucurity and for whom?
so i recommend secure coding
In which way do we not already practice secure coding ? -- / daniel.haxx.se || https://rock-solid.curl.dev
-- Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-users Etiquette: https://curl.se/mail/etiquette.html
