I'm +0 for this, in that I think it is a good idea, but not something that is a must have. We already imply the scheme, cut out the authority, so why not complete the decomposition.

cheers

On 21 July 2014 11:33, Roberto Peon <grmocg@gmail.com> wrote:

> One doesn't have to guess path + query, one only guesses the query.
> In some scenarios, this enhances the attacker's ability to probe.
> The question is, does it do so enough for us to care.
>
> -=R
>
>
> On Sun, Jul 20, 2014 at 2:05 PM, Poul-Henning Kamp <phk@phk.freebsd.dk>
> wrote:
>
>> In message <CAP+FsNfy-3V_BRcqa1ATts7SgX=
>> hqEDvtK7LjuA5iHAG3gaBEQ@mail.gmail.com>
>> , Roberto Peon writes:
>>
>> >It could make guessing things potentially easier.
>>
>> Please explain?
>>
>> --
>> Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
>> phk@FreeBSD.ORG | TCP/IP since RFC 956
>> FreeBSD committer | BSD since 4.3-tahoe
>> Never attribute to malice what can adequately be explained by
>> incompetence.
>>
>
>

--
Greg Wilkins <gregw@intalio.com>
http://eclipse.org/jetty HTTP, SPDY, Websocket server and client that scales
http://www.webtide.com advice and support for jetty and cometd.

Received on Monday, 21 July 2014 01:51:19 UTC