
Nobody did, but that is how life goes. An attack is found. A defense is found. And you can't build a secure system without knowing all of the attacks and corresponding defenses.


I wouldn't call it a proper defense, rather a workaround. Besides CSRF tokens there are lots of secret strings, and it's not the website's problem to avoid wiretapping.



