curl-users Mailing List Archives
Re: Too revealing user-agent field?
2007/6/12, Daniel Stenberg <daniel_at_haxx.se>:
> Is it?
> At least one FreeBSD user seems to think so:
> Any opinions on this here?
> Commercial curl and libcurl Technical Support: http://haxx.se/curl.html
The FreeBSD patch is reasonable because a cURL connection exposes a lot of
information about system libraries to the remote site. Some of these libraries,
like OpenSSL, are vital for web application security. If the remote site detects
that the local machine does not have the latest patches for these libraries, the
local machine could become the victim of an attack.
Taking Firefox on Linux as an example, its User-Agent field exposed to the
remote site only contains:
"User-Agent: Mozilla/5.0 (X11; U; Linux i686; zh-CN; rv:188.8.131.52)
Received on 2007-06-13
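
The comparison made in the message above, as an added example that is not part of the original mail or of curl's code: it splits a User-Agent value into product tokens and reports which ones name a security-relevant library. Both sample strings are constructed in the style of 2007-era clients, and the watch list and function names are assumptions chosen for illustration.

```python
import re

# A User-Agent value is a sequence of "name/version" product tokens
# and parenthesised comments.
_PART = re.compile(
    r"\((?P<comment>[^)]*)\)|(?P<name>[^\s/()]+)/(?P<version>[^\s()]+)"
)

# Assumed watch list: libraries whose version tells a server which
# security fixes the client is missing.
WATCHED = {"openssl", "gnutls", "nss", "zlib", "libidn", "libssh2", "c-ares"}

# Constructed samples (not taken from the thread).
CURL_STYLE_UA = (
    "curl/7.16.2 (i686-pc-linux-gnu) libcurl/7.16.2 OpenSSL/0.9.7e zlib/1.2.3"
)
BROWSER_STYLE_UA = (
    "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.4) "
    "Gecko/20070515 Firefox/2.0.0.4"
)


def parse_user_agent(ua):
    """Return (products, comments) found in a User-Agent value."""
    products, comments = [], []
    for m in _PART.finditer(ua):
        if m.group("comment") is not None:
            comments.append(m.group("comment"))
        else:
            products.append((m.group("name"), m.group("version")))
    return products, comments


def disclosed_libraries(ua, watched=WATCHED):
    """Product tokens that reveal the version of a watched library."""
    products, _ = parse_user_agent(ua)
    return [(n, v) for n, v in products if n.lower() in watched]


def reduced_user_agent(ua):
    """Keep only the first product token (one possible reduction)."""
    products, _ = parse_user_agent(ua)
    return "/".join(products[0]) if products else ""


if __name__ == "__main__":
    for ua in (CURL_STYLE_UA, BROWSER_STYLE_UA):
        print(ua)
        print("  libraries disclosed:", disclosed_libraries(ua))
        print("  reduced form:       ", reduced_user_agent(ua))
```

The header can be set explicitly with curl's `-A`/`--user-agent` option or libcurl's `CURLOPT_USERAGENT`, so a reduced value can be sent without patching the build.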
Page updated November 12, 2010.