On Fri, Nov 20, 2015 at 10:00:30PM +0000, BARTRA, RICK wrote: > Until django releases an official patch for the BREACH vulnerability, I think > we should take a look at django-debreach. The django-debreach package > provides some, possibly enough, protection against a BREACH attack. Its > integration to Horizon is clear by following the configuration found here: > https://pypi.python.org/pypi/django-debreach > > > The proposed change to Horizon: https://review.openstack.org/#/c/247838/ > > The proposed change to Requirements: https://review.openstack.org/#/c/248233/
Thank you for proposing this still I believe, this is a) security hardening to be done by deployers b) something not specific to Horizon, and a solution should be integrated in Django, not just in a single application using Django. Matthias -- Matthias Runge <mru...@redhat.com> __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev