Christian Folini
Christian Folini
I'm not familiar with this technology. BUT, when I think about reflection attacks, request smuggling and all the odd things people like James Kettle, Gareth Hayes etc. come up with,...
Ah, this is always such a thin line. But pharmasound is part of a word, while the asound we have in mind stands on its own. Maybe we can this...
Thank you @touchweb-vincent. I think your simple PR is a reasonable step in the right direction. As you correctly point out, the PR is not a complete solution, but it...
Thank you @touchweb-vincent. Like @dkegel-fastly, I see a high risk of new false positives. Truth be told, the generalization of the regex at PL1 is very ambitious. But also the...
I'm with @touchweb-vincent in this discussion. But this also looks like a fundamental problem that warrants a conceptual discussion. The core argument is - as far as I understand it:...
Hi @touchweb-vincent, so we discussed this at the retreat. This is a fundamental discussion and it is important. And we think we might have found an acceptable position for everyone....
I do not see this detected by 942430, but by 942431 at PL3. And then the aforementioned PL4 rules. Yet I do not think we can rely on PL3 and...
Now that's what I call a schoolbook example of a very good contribution to a CRS discussion. Thank you very much @ronanlaunayenovacom.
This is a worth while discussion. Thanks for launching it.