nextcloud/lib/private/appframework
Lukas Reschke 8313a3fcb3 Add mitigation against BREACH
While BREACH requires the following three factors to be effectively exploitable, we should add another mitigation:

1. Application must support HTTP compression
2. Response must reflect user-controlled input
3. Response should contain sensitive data

Especially part 2 is with ownCloud not really given since user-input is usually only echoed if a CSRF token has been passed.

To reduce the risk even further it is however sensible to encrypt the CSRF token with a shared secret. Since this will change on every request an attack such as BREACH is not feasible anymore against the CSRF token at least.
2015-08-14 01:31:32 +02:00
core Update license headers 2015-03-26 11:44:36 +01:00
db Add a log message when the Doctrine Query Builder is retrieved 2015-07-21 15:53:28 +02:00
dependencyinjection Merge pull request #17852 from owncloud/register-alias-factory 2015-08-11 13:30:56 +01:00
http Add mitigation against BREACH 2015-08-14 01:31:32 +02:00
middleware Return proper status code in case of a CORS exception 2015-07-20 12:54:22 +02:00
routing Update license headers 2015-03-26 11:44:36 +01:00
utility Merge pull request #17982 from owncloud/appframework-sanitize-name 2015-08-12 12:19:24 +02:00
app.php update license headers and authors 2015-06-25 14:13:49 +02:00
http.php Update license headers 2015-03-26 11:44:36 +01:00