Topic: Website Compression

Hi,
I am trying to increase the security of my site hosting FrontAccounting. One of the security requirements is to remove the compression (gzip) of the site.

However, as soon as I do that, the third column in the reports section of FrontAccounting, seizes to work.
Anyone knows the reason for this?

Thanks in advance
Carmelo

Re: Website Compression

Wird, I have no idea. Just curious, what is unsafe in using compression?
Janusz

Re: Website Compression

The problem with compression is that it leaks information that can be used by a third party.
We are creating a PCI DSS Compliant site for Front Accounting as we want to protect the financial information of those using the site. Removing compression is one of the requisites. See the following:
https://community.qualys.com/blogs/securitylabs/2012/09/14/crime-information-leakage-attack-against-ssltls

Regards
Carmelo

Re: Website Compression

Thanks, interesting article. Still I see no sensible explanation how html rendering in browser can depend on whether SSL compression is used or not. Have you tried to use Firebug or something similar  to debug the problem?
Janusz

Re: Website Compression

Firebug? That's a good idea.

Thanks
Carmelo