On Aug 13, 2013, at 07:16, Chris Wakare wrote:

> During the 2013 Black Hat conference, researchers announced the BREACH
> attack. As BREACH takes advantage of vulnerabilities when serving compressed
> data over SSL/TLS, it's been advised to disable compression of web responses.
>
> I see this holds true for nodejs applications as well as we by practice
> always enable http compression.
>
> Do refer https://www.blackhat.com/us-13/briefings.html#Prado for more details

I have not read the page you refer to (TL;DR) but surely the correct solution is to fix whatever vulnerabilities may exist in compression with SSL, rather than to disable it. Compression is highly desirable and widely advocated, for all the obvious reasons.
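
Added example, not part of either message above and not code from the node project: one way to apply the quoted advice in a Node.js application while keeping compression for everything else is to skip gzip only for responses that carry secrets. The `x-contains-secret` flag header and both function names are assumptions made for this sketch, and the sample bodies are constructed.

```javascript
'use strict';
const zlib = require('zlib');

// Assumption: route handlers mark secret-bearing responses (CSRF tokens,
// session data) with this internal header. The name is hypothetical.
const SENSITIVE_HEADER = 'x-contains-secret';

// True when the client's Accept-Encoding allows gzip (q=0 means "refused").
function acceptsGzip(acceptEncoding) {
  return String(acceptEncoding || '').split(',').some((part) => {
    const [name, ...params] = part.trim().toLowerCase().split(';');
    const q = params.map((p) => p.trim()).find((p) => p.startsWith('q='));
    return name.trim() === 'gzip' && (!q || parseFloat(q.slice(2)) > 0);
  });
}

// Build the headers and body actually sent for one response.
// Header keys are expected in lower case.
function encodeResponse(acceptEncoding, headers, body) {
  const sensitive = String(headers[SENSITIVE_HEADER] || '') === '1';
  const out = Object.assign({}, headers);
  delete out[SENSITIVE_HEADER];               // internal flag, never sent
  const raw = Buffer.from(body);
  // Secret-bearing responses are sent uncompressed, so their length on the
  // wire does not depend on how well the content compresses.
  const useGzip = !sensitive && acceptsGzip(acceptEncoding);
  const payload = useGzip ? zlib.gzipSync(raw) : raw;
  if (useGzip) out['content-encoding'] = 'gzip';
  out['vary'] = 'Accept-Encoding';
  out['content-length'] = String(payload.length);
  return { headers: out, body: payload };
}

// Constructed sample responses: a form page with a token, and a stylesheet.
const form = encodeResponse('gzip, deflate',
  { 'content-type': 'text/html', 'x-contains-secret': '1' },
  '<input name="csrf" value="constructed-token">');
const css = encodeResponse('gzip, deflate',
  { 'content-type': 'text/css' }, 'body{margin:0}'.repeat(50));
console.log('form encoding:', form.headers['content-encoding'] || 'identity');
console.log('css encoding:', css.headers['content-encoding'] || 'identity');
```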
