wbrawner/server
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
server/tests
History
Lukas Reschke 8313a3fcb3 Add mitigation against BREACH 
While BREACH requires the following three factors to be effectively exploitable we should add another mitigation:

1. Application must support HTTP compression
2. Response most reflect user-controlled input
3. Response should contain sensitive data

Especially part 2 is with ownCloud not really given since user-input is usually only echoed if a CSRF token has been passed.

To reduce the risk even further it is however sensible to encrypt the CSRF token with a shared secret. Since this will change on every request an attack such as BREACH is not feasible anymore against the CSRF token at least.
2015-08-14 01:31:32 +02:00
..
acceptance
core [avatar] add error handlers for avatar setup 2015-07-30 18:05:32 +02:00
data Check for methods as good as possible 2015-07-17 12:34:56 +02:00
lib Add mitigation against BREACH 2015-08-14 01:31:32 +02:00
ocs Following the spec: 2015-08-05 17:49:44 +02:00
ocs-provider Add endpoint with list of OCS providers 2015-06-27 18:23:49 +02:00
settings Add setup check for reverse proxy header configuration 2015-08-10 23:28:16 +01:00
apps.php do not execute integration tests when executing autotest.sh 2015-05-15 16:38:21 +02:00
bootstrap.php Fixing unit test execution 2015-07-03 18:00:16 +02:00
enable_all.php
karma.config.js Update JS unit test libs 2015-07-10 11:21:47 +02:00
phpunit-autotest-external.xml
phpunit-autotest.xml Add endpoint with list of OCS providers 2015-06-27 18:23:49 +02:00
phpunit.xml.dist Add endpoint with list of OCS providers 2015-06-27 18:23:49 +02:00
preseed-config.php
startsessionlistener.php