[Qgis-developer] Plugin repository latency
Alex M
tech_dev at wildintellect.com
Mon Jun 6 09:14:14 PDT 2016
On 06/06/2016 08:35 AM, Matthias Kuhn wrote:
> Hi
>
> I think it is enabled on both sides, at least that's what measurements
> indicate. My previous assumptions that it's not enabled were based on
> Richards statement about the size of 1MB.
>
> @Alex, we are already using https by default, do you have any chance to
> verify if we are affected by the mentioned security flaw?
>
> Matthias
>
We might be ok because there's no authentication cookies in the plugin
lookup, at least for our Public repo. For those entities running private
authenticated repos this could be an issue.
https://en.wikipedia.org/wiki/BREACH_%28security_exploit%29
https://en.wikipedia.org/wiki/CRIME
https://blog.qualys.com/ssllabs/2013/08/07/defending-against-the-breach-attack
-Alex
More information about the Qgis-developer
mailing list