views:

45

answers:

2

As you know there's some php functions to be disabled on shared hosting environments. Searching the Google, I found many lists of these functions. one of these functions is curl_exec, I can't understand why this function should be disabled? How this function could be vulnerable?

+1  A: 

It could be used to create a request loop on itself, which would lock the server. It could also be used to impersonate the site or proxy requests. If those are good enough reasons to disable curl_exex, really depends how much you trust the code.

Kendall Hopkins
So I think it's not a really dangerous function and could be expected if the vulnerabilities limited to these. Thanks for you help.
Ehsan
+1  A: 

I can't comment on why your shared hosting provider has disabled it, but it may be simply to disallow you to script interactions with other websites (possibly to send spam, launch DoS attacks act as a proxy, etc.)

Here is an explanation from another hosting provider I found:

No, you can not enable curl_exec() from cPanel. Please be informed that we have disabled curl_exec() function on our shared server due to security reasons and we can not enable it.

Curl_exec() allows anyone to remotely fetch data from other remote web server and also download & upload files from remote servers.

pkaeding
Thanks, I'm the server administrator ;-)It seems there's no need to disable it. :-)
Ehsan