HackerTrans
トップ新着トレンドコメント過去質問紹介求人

kichik

no profile record

コメント

kichik
·6 か月前·議論
Nice chain and write-up. I don't know that I would call eval() on user input, hard coded secrets, and leaked credentials small or harmless. All of those are scary on their own.
kichik
·7 か月前·議論
Invoke-WebRequest is also very slow if you forget to disable the progress bar with $ProgressPreference = 'SilentlyContinue'

PowerShell has some "interesting" design choices...
kichik
·7 か月前·議論
The echo server will have no knowledge on how to construct the string to be signed.
kichik
·7 か月前·議論
You are indeed misunderstanding me. I am talking about returning the entire string to be signed. Not the result of the signature.
kichik
·8 か月前·議論
You can save the expected string to a file, save your string to a file, and run diff on a hexdump of both. Even without hexdump, you should see the difference between "\n" and "\\n" in properly escaped output.
kichik
·8 か月前·議論
Not exactly the point of this article, but it would be cool if APIs like this can return the expected signed string for debugging. It would have to be properly limited for security. But if the API is expecting non-standard signatures, it could help developers with better debugging tools.