Paweł Krawczyk
Hi @apbendi yes sure, the general notice is posted here https://webcookies.org/doc/penetration-testing and soon we'll be adding a "proper" interface for DAI payments for automated & privacy scans the website offers
@chris-rock _any_ set at the proxy value prevents the attack - the vector only works if it can be set arbitrarily from the HTTP request. So a mere check for...
Please note this creates a potential vector for a BREACH attack as documented in a similar discussion on Brotli here https://answers.launchpad.net/ubuntu/+source/nginx/+question/678209
@felixhandte I think the point the Ubuntu Security Team had in the Brotli discussion linked above was that `text/html` is compressed by default and you _cannot_ disable it. I'm just...
Ah, just as I expected - #5 :)
Ok, I now see it's actually an issue with the underlying `pgx` library - if anyone else comes here from DuckDuckGo can you please upvote here https://github.com/jackc/pgx/issues/451
@x4m Any luck with this one?
@x4m I'm not very familiar with Go and I can't even get your unmodified code to compile - it crashes with: ``` (cd main/pg && go build -tags "brotli lzo"...
Doesn't seem to be really working :cry: using the latest release binary: ``` postgres@tyler:~$ /usr/bin/envdir /etc/wal-e.d /usr/local/bin/wal-g backup-push /var/lib/postgresql/12/main/ INFO: 2019/12/27 15:01:01.490527 Doing full backup. ERROR: 2019/12/27 15:01:01.503507 unexpected message...
@x4m It seems like SCRAM only appeared in 4.6.0 of pgx https://github.com/jackc/pgx/commit/5044e8473ad948114b6cb63f6f30f94fc7834667 and you bumped to 3.6.0.