If the caller puts it in the query string and you log that? It doesn't have to be valid in your application to make an attacker pass it in.
So unless you're not logging your request path/query string you're doing something very very wrong by your own logic :).
I can't imagine diagnosing issues with web requests and not be given the path + query string. You can diagnose without but you're sure not making things easier
So unless you're not logging your request path/query string you're doing something very very wrong by your own logic :). I can't imagine diagnosing issues with web requests and not be given the path + query string. You can diagnose without but you're sure not making things easier