moparisthebest/curl
1
0
Fork 0
mirror of https://github.com/moparisthebest/curl synced 2024-12-21 23:58:49 -05:00
Code Issues Releases Wiki Activity

minor updates

Browse Source
This commit is contained in:
Daniel Stenberg 2004-12-07 23:08:28 +00:00
parent 7fd1ce4dc3
commit 163518778c
1 changed files with 22 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
docs/TheArtOfHttpScripting
View File

@ -1,7 +1,5 @@
Online: http://curl.haxx.se/docs/httpscripting.shtml Online: http://curl.haxx.se/docs/httpscripting.shtml
Author: Daniel Stenberg <daniel@haxx.se> Date: December 7, 2004
Date: November 6, 2001
Version: 0.6
The Art Of Scripting HTTP Requests Using Curl The Art Of Scripting HTTP Requests Using Curl
============================================= =============================================
@ -229,25 +227,25 @@ Version: 0.6
curl -U proxyuser:proxypassword curl.haxx.se curl -U proxyuser:proxypassword curl.haxx.se
If your proxy requires the authentication to be done using the NTLM method, If your proxy requires the authentication to be done using the NTLM method,
use --proxy-ntlm. use --proxy-ntlm, if it requires Digest use --proxy-digest.
If you use any one these user+password options but leave out the password If you use any one these user+password options but leave out the password
part, curl will prompt for the password interactively. part, curl will prompt for the password interactively.
Do note that when a program is run, its parameters are possible to see when Do note that when a program is run, its parameters might be possible to see
listing the running processes of the system. Thus, other users may be able to when listing the running processes of the system. Thus, other users may be
watch your passwords if you pass them as plain command line options. There able to watch your passwords if you pass them as plain command line
are ways to circumvent this. options. There are ways to circumvent this.
7. REFERER 7. REFERER
A HTTP request may include a 'referer' field, which can be used to tell from A HTTP request may include a 'referer' field (yes it is misspelled), which
which URL the client got to this particular resource. Some programs/scripts can be used to tell from which URL the client got to this particular
check the referer field of requests to verify that this wasn't arriving from resource. Some programs/scripts check the referer field of requests to verify
an external site or an unknown page. While this is a stupid way to check that this wasn't arriving from an external site or an unknown page. While
something so easily forged, many scripts still do it. Using curl, you can put this is a stupid way to check something so easily forged, many scripts still
anything you want in the referer-field and thus more easily be able to fool do it. Using curl, you can put anything you want in the referer-field and
the server into serving your request. thus more easily be able to fool the server into serving your request.
Use curl to set the referer field with: Use curl to set the referer field with:
@ -379,9 +377,15 @@ Version: 0.6
curl -E mycert.pem https://that.secure.server.com curl -E mycert.pem https://that.secure.server.com
curl also tries to verify that the server is who it claims to be, by curl also tries to verify that the server is who it claims to be, by
verifying the server's certificate against a CA cert bundle. Failing the verifying the server's certificate against a locally stored CA cert
verification will cause curl to deny the connection. You must then use -k in bundle. Failing the verification will cause curl to deny the connection. You
case you want to tell curl to ignore that the server can't be verified. must then use -k in case you want to tell curl to ignore that the server
can't be verified.
More about server certificate verification and ca cert bundles can be read
in the SSLCERTS document, available online here:
http://curl.haxx.se/docs/sslcerts.html
12. REFERENCES 12. REFERENCES