Hi, I was referring to the practice of using http://nodejs.org/api/zlib.html for compression. You can see even ExpressJS <http://expressjs.com/api.html> implement the same.
- Chris On Wednesday, August 14, 2013 1:55:04 AM UTC+5:30, Ben Noordhuis wrote: > > On Tue, Aug 13, 2013 at 2:16 PM, Chris Wakare > <[email protected]<javascript:>> > wrote: > > Hello, > > > > During the 2013 Black Hat conference , researchers announced the BREACH > > attack. As BREACH takes advantage of vulnerabilities when serving > compressed > > data over SSL/TLS, its been advised to disable compression of web > responses. > > > > I see this holds true for nodejs applications as well as we by practice > > always enable http compression. > > Who is 'we' in this context? The core http and tls libraries don't do > compression. > > > Do refer https://www.blackhat.com/us-13/briefings.html#Prado for more > > details > > > > Regards, > > Chris Wakare > -- -- Job Board: http://jobs.nodejs.org/ Posting guidelines: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines You received this message because you are subscribed to the Google Groups "nodejs" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/nodejs?hl=en?hl=en --- You received this message because you are subscribed to the Google Groups "nodejs" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
