|
|
|
|
|
|
by Fnoord
1385 days ago
|
|
|
Usually its https nowadays but other than that there's methods a hostile webserver can detect whether the content is piped or not (IIRC I/O speed). It can decide to inject different commands based on whether it is piped or not. So you need to end up writing to a file with redirect or tee. Or by using a hash of the script. We do that with binaries, why not with scripts? If its complex enough, a shell script should be considered source code. |
|
|