On Mon, May 20, 2024 at 4:12 PM Magnus Hagander <mag...@hagander.net> wrote: > That used to be the case in HTTP/1. But header compression was one of the > headline features of HTTP/2, which isn't exactly new anymore. But there's a > special algorithm, HPACK, for it. And then http/3 uses QPACK. Cloudflare has > a pretty decent blog post explaining why and how: > https://blog.cloudflare.com/hpack-the-silent-killer-feature-of-http-2/, or > rfc7541 for all the details. > > tl;dr; is yes, let's be careful not to expose headers to a CRIME-style > attack. And I doubt our connections has as much to gain by compressing > "header style" fields as http, so we are probably better off just not > compressing > Work: https://www.redpill-linpro.com/
What do you think constitutes a header in the context of the PostgreSQL wire protocol? -- Robert Haas EDB: http://www.enterprisedb.com
