by thadt
1380 days ago
Eh, it's not just current web serving protocols. Any protocol where:

- An application uses compression
- An attacker is able to supply chosen data to it
- The application compresses the attacker's data and static secret data together
- The attacker is able to monitor the size of the compressed data
- This can be repeated by the attacker a number of times

will be vulnerable to having its secret data stolen by techniques like BREACH. If you want your secret data to stay secret, don't compress it with attacker-chosen plaintext where the resulting size could be monitored.
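Added example, not part of thadt's comment: a self-check a developer can run to see whether a response framing makes compressed size depend on a secret. It compares a shared DEFLATE stream with a framing that keeps the secret out of the compressor; the token values, HTML fragment and function names are constructed for illustration.

```python
import zlib

# Constructed sample values, not taken from any real application.
SECRET_A = b"9f3b7c1e5a2d48060b1f6e2c7a3d5948"
SECRET_B = b"e41a0c8d72f95b36c0de83a17b4f29d5"  # same length, different content


def size_shared(secret: bytes, reflected: bytes) -> int:
    """Wire size when the secret and reflected request data share one DEFLATE stream."""
    body = b'<input name="csrf" value="' + secret + b'"><p>q=' + reflected + b"</p>"
    return len(zlib.compress(body))


def size_isolated(secret: bytes, reflected: bytes) -> int:
    """Wire size when the secret-bearing part is sent uncompressed and only
    the part that reflects request data goes through the compressor."""
    secret_part = b'<input name="csrf" value="' + secret + b'">'
    reflected_part = b"<p>q=" + reflected + b"</p>"
    return len(secret_part) + len(zlib.compress(reflected_part))


def leak_signal(size_fn, reflected: bytes) -> int:
    """Size difference between a response whose secret differs from the
    reflected data and one whose secret equals it. Any non-zero value means
    the observable size depends on the secret."""
    return size_fn(SECRET_B, reflected) - size_fn(SECRET_A, reflected)


if __name__ == "__main__":
    # The reflected data is fixed; only the secret changes between measurements.
    print("shared stream  :", leak_signal(size_shared, SECRET_A), "bytes")
    print("isolated secret:", leak_signal(size_isolated, SECRET_A), "bytes")
```

Both secrets have the same length, so the isolated framing yields a difference of exactly zero, while the shared stream is shorter whenever the reflected data repeats the secret.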