cURL / Mailing Lists / curl-and-php / Single Mail

curl-and-php

Re: Php cURL Security

From: Deepesh Malviya <deep0mal_at_gmail.com>
Date: Wed, 17 Nov 2010 20:25:29 +0530

Hi Charbel,

When the peoples are talking about using https, it is in following two ways
1. The server which is initiating curl should also be on https.
2. The server which you are calling through curl is also https

The first very basic step would be enable ssl on both of these servers. This
you can do by purchasing ssl certificate from any ssl providers like
verisign etc or you can generate the self signed certificates on your
server. The former will cost you a good money however the latter would be
kinda free, however you will have to use the proper functions of curl to
work it out as it will throw error because it is non standard.

After, you have installed the certificate, you can call with the same code
which you have written.
$ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, "URL");
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);
    curl_setopt($ch, CURLOPT_HEADER, false);
    curl_setopt($ch, CURLOPT_POST, TRUE);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $String);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);

On Wed, Nov 17, 2010 at 10:50 AM, Charbel Zeaiter
<shadow_meld_at_hotmail.com>wrote:

> Hi
>
> I need help.
> I have been looking all over the Internet and posting questions in forums,
> but so far i have just been confused and lost due to conflicting posts and
> poor documentation.
>
> I am using cURL as a php extension in order to post sensitive data to a
> server. My question is, how secure is this, can anyone intercept, read or
> change the data in transmission?
> On some posts people have told me to use https, but i have no idea how to
> do this or where to start. I realize i might need to use SSL certificates
> but i am unsure of many things,
>
> is it as simple as posting the data to a HTTPs URL "https://www.....", or
> using the curl set options:
>
> curl_setopt - CURLOPT_SSLCERT*
> OR
> *curl_setopt - CURLOPT_SSLCERTPASSWD
>
> ?
>
> so far my request consists of :
>
> $ch = curl_init();
> curl_setopt($ch, CURLOPT_URL, "URL");
> curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
> curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);
> curl_setopt($ch, CURLOPT_HEADER, false);
> curl_setopt($ch, CURLOPT_POST, TRUE);
> curl_setopt($ch, CURLOPT_POSTFIELDS, $String);
> curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
>
>
> Any advice will be greatly appreciated . thank you .
>
> _______________________________________________
> http://cool.haxx.se/cgi-bin/mailman/listinfo/curl-and-php
>
>

-- 
_Deepesh

_______________________________________________
http://cool.haxx.se/cgi-bin/mailman/listinfo/curl-and-php
Received on 2010-11-17

This message: [ Message body ]
Next message: Deepesh Malviya: "Re: Php cURL Security"
Previous message: Tom Worster: "Re: Php cURL Security"
In reply to: Charbel Zeaiter: "Php cURL Security"
Next in thread: Deepesh Malviya: "Re: Php cURL Security"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]