Welcome To Basenetix
This is a summary blog of the things the Netbasic development team talk about in their spare time. If you see a post that intrests you, why not click the link and read their blog :)
-
cURL Tips – HTTPS requests
Posted on December 15th, 2009 No commentsToo many times have I seen this in cURL clients: curl_setopt ( $ch , CURLOPT_SSL_VERIFYHOST , false ) ; curl_setopt ( $ch , CURLOPT_SSL_VERIFYPEER , false ) ; Why is this bad? You leave yourself totally open to man-in-the-middle attacks, and makes SSL virtually pointless. Sure the data passed between the two servers would still be encrypted, but there is no way of verifying the server you’re talking to is the server you WANT to be talking to! My recommendation is that you verify the server is genuine by checking against the genuine CA certificate in PEM format.
See original here:
Sphere: Related Content
cURL Tips – HTTPS requests
17, 5, BT, IDE, James, OS, Read, Top, URL, ad, amp, api, blog, cURL, certificate, change, check, client, coding, data, form, format, fun, function, host, http, https, in, ing, int, internet, less, like, me, name, no, one, open, php, problem, request, server, servers, site, ssl, talk, time, to, tutorial, ua, verifyhost, verifypeer, virtual amp, check, cURL, fwo, internet, leave-yourself, open, passed-between, php, problem, Read, talk, tutorial, verifypeer
