NVJ
Reputation: 39
Length hiding (by adding a random number of bytes to the responses) for preventing BREACH attack in spring MVC
Length hiding (by adding a random number of bytes to the responses) is one of the mitigations for a BREACH attack. How can we implement this in a spring application?
Upvotes: 0
Views: 382
Answers (1)
tisho
Reputation: 136
You can add a random number of bytes to the responses that your application sends out by using a Spring MVC interceptor.In the postHandle method, you can use the HttpServletResponse object to add a random number of bytes to the response body and set the Content-Length header to the correct value, taking into account the additional bytes that you have added.
You can take a look at HandlerInterceptor
Upvotes: 0
Related Questions
- Hiding sensitive information in response
- How to stop Spring MVC from automatically adding the "Content-Length: 0" header to HEAD responses?
- Integer overflow attack mitigation in Spring Rest API
- Limit size of http application/json request body in Spring, tomcat
- ASP.NET Core 2.2 Upgrade - IIS: limit request content length
- How can I remove excessive response header information from Azure Web-Apps?
- How to keep ResponseBody on 204 No Content response?
- Limit HTTP response size on Spring WebFlux
- How to proxy HTTP requests in Spring MVC?
- Hide/Mask Confidential Data In Spring REST Response