[openstack-dev] [horizon][bug] Mitigation to BREACH vulnerability
Matthias Runge
mrunge at redhat.com
Mon Nov 23 10:25:21 UTC 2015
On Fri, Nov 20, 2015 at 10:00:30PM +0000, BARTRA, RICK wrote:
> Until Django releases an official patch for the BREACH vulnerability, I think we should take a look at django-debreach. The django-debreach package provides some, possibly enough, protection against a BREACH attack. Its integration into Horizon is clear by following the configuration found here: https://pypi.python.org/pypi/django-debreach
>
>
> The proposed change to Horizon: https://review.openstack.org/#/c/247838/
>
> The proposed change to Requirements: https://review.openstack.org/#/c/248233/
Thank you for proposing this.
Still, I believe this is
a) security hardening to be done by deployers
b) something not specific to Horizon, and a solution should be integrated in
Django, not just in a single application using Django.
Matthias
--
Matthias Runge <mrunge at redhat.com>