Thanks, I'll check it out.

On Fri, Aug 15, 2025 at 4:02 AM Daniel Stenberg <dan...@haxx.se> wrote:

> On Fri, 15 Aug 2025, cyber security via curl-users wrote:
>
> > └─$ curl https://httpbin.org --ftp-account "anonymous"
>
> That would suddenly make curl command lines across the world that have worked
> fine for decades suddenly return an error instead of doing what they have been
> doing for a long time.
>
> What about this command line?
>
>    curl https://httpbin.org --ftp-account "anonymous" ftp://ftp.funet.fi/
>
> Is that option right or wrong?
>
> It is also quite common for people writing scripts that would do:
>
>    if [ condition ]; then
>      URL="https://httpbin.org";
>    else
>      URL="ftp://ftp.funet.fi/";
>    fi
>
>    curl $URL --ftp-account "anonymous"
>
> Not to mention how users can put such an option in their .netrc now and have
> it used when it needs to and just not used when the protocol doesn't use it.
>
> > So in general this is recommended: reject invalid options and validate input.
> > That makes curl a better and more user-friendly tool; ignoring silently is bad
>
> It doesn't exactly "ignore silently". It's just that it never gets used if the
> protocol doesn't use the thing the option controls.
>
> > and using this also improves security
>
> How does it improve security and for whom?
>
> > so I recommend secure coding
>
> In which way do we not already practice secure coding?
>
> --
>
>   / daniel.haxx.se || https://rock-solid.curl.dev