- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Mon, 21 Jul 2014 15:29:44 +0200
- To: Martin Thomson <martin.thomson@gmail.com>, Willy Tarreau <w@1wt.eu>
- CC: Roberto Peon <grmocg@gmail.com>, Poul-Henning Kamp <phk@phk.freebsd.dk>, Phil Hunt <phil.hunt@oracle.com>, Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>
On 2014-07-21 15:20, Martin Thomson wrote: > On 21 July 2014 00:53, Willy Tarreau <w@1wt.eu> wrote: >> >> I'm not sure what you mean, we're speaking about having a single :query >> for whatever follows the question mark, right ? If so, all the params >> must be tried as a single block. > > Yes, but there could be cases where the combination of path and query > contain sufficiently high entropy in combination, but one or other > contains insufficient entropy on its own to resist guessing attacks. ...again, if we do things like that please do not couple it with "?". Just have two parts that get concatenated verbatim to reconstruct the full path+query. Best regards, Julian
Received on Monday, 21 July 2014 13:31:04 UTC