Re: consensus on :query ?

On Mon, Jul 21, 2014 at 6:20 AM, Martin Thomson <>

> On 21 July 2014 00:53, Willy Tarreau <> wrote:
> >
> > I'm not sure what you mean, we're speaking about having a single :query
> > for whatever follows the question mark, right ? If so, all the params
> > must be tried as a single block.
> Yes, but there could be cases where the combination of path and query
> contain sufficiently high entropy in combination, but one or other
> contains insufficient entropy on its own to resist guessing attacks.

I concur with Martin's analysis

Consider the case where we have sensitive information split between the
path and the query. E.g.<password>

If the username is unknown, this lets them be guessed independently.


Received on Monday, 21 July 2014 13:25:13 UTC