nextcloud/lib
Lukas Reschke 8313a3fcb3 Add mitigation against BREACH
While BREACH requires the following three factors to be effectively exploitable, we should add another mitigation:

1. Application must support HTTP compression
2. Response must reflect user-controlled input
3. Response should contain sensitive data

Part 2 especially is not really given with ownCloud, since user input is usually only echoed if a CSRF token has been passed.

To reduce the risk even further, it is however sensible to encrypt the CSRF token with a shared secret. Since this will change on every request, an attack such as BREACH is not feasible anymore against the CSRF token at least.
2015-08-14 01:31:32 +02:00
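The idea in the commit message, sketched as an added example: this is not code from the commit or from ownCloud. It assumes a simple XOR mask with a fresh random pad per response in place of whatever encryption the commit actually uses, and the function names are hypothetical.

```python
import base64
import hmac
import secrets
from typing import Optional


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def mask_token(session_token: bytes) -> str:
    """Form of the CSRF token to embed in one response.

    A fresh random pad (the per-request secret) is XORed over the token and
    sent alongside it, so the bytes in the compressed body differ on every
    response even though the underlying session token stays the same.
    """
    pad = secrets.token_bytes(len(session_token))
    masked = _xor(pad, session_token)
    enc = base64.urlsafe_b64encode
    return enc(pad).decode() + ":" + enc(masked).decode()


def unmask_token(wire: str) -> Optional[bytes]:
    """Recover the session token from a masked value, or None if malformed."""
    try:
        pad_b64, masked_b64 = wire.split(":")
        pad = base64.urlsafe_b64decode(pad_b64)
        masked = base64.urlsafe_b64decode(masked_b64)
    except ValueError:  # wrong field count or bad base64
        return None
    if len(pad) != len(masked):
        return None
    return _xor(pad, masked)


def check_request(session_token: bytes, submitted: str) -> bool:
    """Server-side CSRF check: unmask, then compare in constant time."""
    recovered = unmask_token(submitted)
    return recovered is not None and hmac.compare_digest(recovered, session_token)


if __name__ == "__main__":
    token = secrets.token_bytes(32)  # constructed sample session token
    first, second = mask_token(token), mask_token(token)
    print(first != second, check_request(token, first), check_request(token, second))
```

Because the value in the response changes every time, a compression-length oracle has no stable secret to guess byte by byte; the server still validates against the single token stored in the session.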
..
l10n [tx-robot] updated from transifex 2015-07-31 01:56:30 -04:00
private Add mitigation against BREACH 2015-08-14 01:31:32 +02:00
public Merge pull request #16528 from owncloud/activity-302-improve-settings 2015-08-11 11:24:27 +02:00
repair Remove unnecessary DB prefixes from existing query builder usages 2015-08-10 16:21:41 +02:00
autoloader.php Remove OC_Log 2015-07-03 18:00:16 +02:00
base.php Add mitigation against BREACH 2015-08-14 01:31:32 +02:00