HackerTrans
热门最新趋势评论往期问答秀出招聘

kichik

no profile record

评论

kichik
·6个月前·讨论
Nice chain and write-up. I don't know that I would call eval() on user input, hard coded secrets, and leaked credentials small or harmless. All of those are scary on their own.
kichik
·7个月前·讨论
Invoke-WebRequest is also very slow if you forget to disable the progress bar with $ProgressPreference = 'SilentlyContinue'

PowerShell has some "interesting" design choices...
kichik
·7个月前·讨论
The echo server will have no knowledge on how to construct the string to be signed.
kichik
·7个月前·讨论
You are indeed misunderstanding me. I am talking about returning the entire string to be signed. Not the result of the signature.
kichik
·8个月前·讨论
You can save the expected string to a file, save your string to a file, and run diff on a hexdump of both. Even without hexdump, you should see the difference between "\n" and "\\n" in properly escaped output.
kichik
·8个月前·讨论
Not exactly the point of this article, but it would be cool if APIs like this can return the expected signed string for debugging. It would have to be properly limited for security. But if the API is expecting non-standard signatures, it could help developers with better debugging tools.