Re: GZipMiddleWare documentation

2013-09-10 Thread Russell Keith-Magee
Here's a draft for inclusion right underneath the heading introducing GZipMiddleware .. admonition: Security researchers recently revealed that when compression techniques (including GZipMiddlware) are used on a website, a site becomes exposed to a number of possible attacks. These approaches c

Re: GZipMiddleWare documentation

2013-09-10 Thread Daniele Procida
On Fri, Aug 9, 2013, Daniele Procida wrote: >What should the documents have to say on the subject now, in light of >? > > I'm rasising this issue again, because our documentation sti

Re: GZipMiddleWare documentation

2013-08-10 Thread Florian Apolloner
Hi, On Saturday, August 10, 2013 9:54:02 AM UTC+2, Daniele Procida wrote: > > There is this discussion: > which concludes that it shouldn't be deprecated because some versions of > nginx ( don't

Re: GZipMiddleWare documentation

2013-08-10 Thread Daniele Procida
On Sat, Aug 10, 2013, Russell Keith-Magee wrote: >I also have a nagging feeling in the back of my head that there have been >questions raised about whether GZIPMiddleware should exist *at all* -- that >there's some niggling detail in the WSGI spec that says that GZip >compression should be applie

Re: GZipMiddleWare documentation

2013-08-10 Thread Aymeric Augustin
On 10 août 2013, at 05:09, Russell Keith-Magee wrote: > I also have a nagging feeling in the back of my head that there have been > questions raised about whether GZIPMiddleware should exist *at all* -- that > there's some niggling detail in the WSGI spec that says that GZip compression > shou

Re: GZipMiddleWare documentation

2013-08-09 Thread Donald Stufft
On Aug 9, 2013, at 11:09 PM, Russell Keith-Magee wrote: > Historically, we haven't updated our documentation to point out bugs, but in > this case, given that there are ongoing security implications, I think it > might be worthwhile to draw attention to this. I agree with documenting. > >

Re: GZipMiddleWare documentation

2013-08-09 Thread Russell Keith-Magee
On Sat, Aug 10, 2013 at 5:42 AM, Daniele Procida wrote: > What should the documents have to say on the subject now, in light of < > https://www.djangoproject.com/weblog/2013/aug/06/breach-and-django/>? > > > > Historically, we haven't updated our docu

GZipMiddleWare documentation

2013-08-09 Thread Daniele Procida
What should the documents have to say on the subject now, in light of ? Daniele -- You received this message because you are subscribed to the Google Groups "Django developers" g