Commit fc925583 authored by Achilleas Pipinellis

Add type to frontmatter

parent 5e05ec3b
---
comments: false
type: index
---
# Security
......
---
type: reference
---
# How we manage the TLS protocol CRIME vulnerability
> CRIME ("Compression Ratio Info-leak Made Easy") is a security exploit against
......@@ -7,7 +11,7 @@ authentication cookies, it allows an attacker to perform session hijacking on an
authenticated web session, allowing the launching of further attacks.
([CRIME](https://en.wikipedia.org/w/index.php?title=CRIME&oldid=692423806))
### Description
## Description
The TLS Protocol CRIME Vulnerability affects compression over HTTPS, therefore
it warns against using SSL Compression (for example gzip) or SPDY which
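Review bot: The heading change from `### Description` to `## Description` in this hunk, like the matching `## Nessus` and `## References` changes in the later hunks of this file, is not covered by the commit message "Add type to frontmatter". The promotion itself is reasonable, since these sections sit directly under the `#` title and the old `###` skipped a level, but it should be mentioned in the commit message or split into its own commit so the history reflects both changes.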
......@@ -24,7 +28,7 @@ Although SPDY is enabled in Omnibus installations, CRIME relies on compression
(the 'C') and the default compression level in NGINX's SPDY module is 0
(no compression).
### Nessus
## Nessus
The Nessus scanner, [reports a possible CRIME vulnerability][nessus] in GitLab
similar to the following format:
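Review bot: The context line `The Nessus scanner, [reports a possible CRIME vulnerability][nessus] in GitLab` directly under the new `## Nessus` heading has a stray comma after "scanner". Since this hunk already touches the section, drop the comma here so the sentence reads "The Nessus scanner [reports a possible CRIME vulnerability][nessus] in GitLab".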
......@@ -50,7 +54,7 @@ attack nor does it check if compression is enabled. With just this approach, it
cannot tell that SPDY's compression is disabled and not subject to the CRIME
vulnerability.
### References
## References
- Nginx ["Module ngx_http_spdy_module"][ngx-spdy]
- Tenable Network Security, Inc. ["Transport Layer Security (TLS) Protocol CRIME Vulnerability"][nessus]
......
---
type: concepts
---
# Information exclusivity
Git is a distributed version control system (DVCS).
......
---
type: reference, howto
---
# Custom password length limits
If you want to enforce longer user passwords you can create an extra Devise initializer with the steps below.
......
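Review bot: The `type: reference, howto` line in this frontmatter is a single YAML string, not a list of two types, while the other files in this commit each use a single value (`index`, `reference`, `concepts`). If whatever consumes `type` expects one value per entry, write it as `type: [reference, howto]`, or confirm that the consumer splits on commas and note that convention somewhere the other docs authors will find it.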