FrontAccounting forum — Website Compression

Re: Website Compression

null@example.com (carmelr) — Fri, 12 Oct 2012 14:30:26 +0000

Firebug? That's a good idea.

Thanks
Carmelo

Re: Website Compression

null@example.com (itronics) — Fri, 12 Oct 2012 13:51:47 +0000

Thanks, interesting article. Still I see no sensible explanation how html rendering in browser can depend on whether SSL compression is used or not. Have you tried to use Firebug or something similar to debug the problem?
Janusz

Re: Website Compression

null@example.com (carmelr) — Fri, 12 Oct 2012 13:19:27 +0000

The problem with compression is that it leaks information that can be used by a third party.
We are creating a PCI DSS Compliant site for Front Accounting as we want to protect the financial information of those using the site. Removing compression is one of the requisites. See the following:
https://community.qualys.com/blogs/securitylabs/2012/09/14/crime-information-leakage-attack-against-ssltls

Regards
Carmelo

Re: Website Compression

null@example.com (itronics) — Fri, 12 Oct 2012 13:05:22 +0000

Wird, I have no idea. Just curious, what is unsafe in using compression?
Janusz

Website Compression

null@example.com (carmelr) — Thu, 11 Oct 2012 18:37:59 +0000

Hi,
I am trying to increase the security of my site hosting FrontAccounting. One of the security requirements is to remove the compression (gzip) of the site.

However, as soon as I do that, the third column in the reports section of FrontAccounting, seizes to work.
Anyone knows the reason for this?

Thanks in advance
Carmelo