Yii2 vulnerability to "BREACH" attacks? #1634
I just read about a new type of attack, introduced at this year's Black Hat conference: http://breachattack.com/
It is not application-specific: apparently the attack works on any website using HTTP compression (which is default in Apache as far as I know), user data being returned in the HTTP response body and a CSRF token being served.
To what extent would a vanilla Yii2 setup on a LAMP machine with default settings be vulnerable?
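Added example, not part of the original issue and not Yii2's own code: a mitigation commonly recommended for BREACH is to mask the CSRF token with a fresh random value on every response, so the secret never appears as the same bytes twice in a compressed body. The function names and the 32-byte token length are assumptions made for illustration.

```python
import base64
import hmac
import secrets
from typing import Optional

TOKEN_LEN = 32  # assumed length of the per-session CSRF secret


def new_session_token() -> bytes:
    """Secret stored server-side in the session; never sent as-is."""
    return secrets.token_bytes(TOKEN_LEN)


def mask_token(token: bytes) -> str:
    """Encode the token for one response as base64url(mask || token XOR mask).

    The mask is fresh per call, so the emitted string changes on every
    response even though the underlying session token does not.
    """
    mask = secrets.token_bytes(len(token))
    masked = bytes(t ^ m for t, m in zip(token, mask))
    return base64.urlsafe_b64encode(mask + masked).decode("ascii")


def unmask_token(value: str) -> Optional[bytes]:
    """Recover the raw token from a submitted value, or None if malformed."""
    try:
        raw = base64.urlsafe_b64decode(value.encode("ascii"))
    except ValueError:  # covers bad padding and non-ASCII input
        return None
    if len(raw) == 0 or len(raw) % 2:
        return None
    half = len(raw) // 2
    mask, masked = raw[:half], raw[half:]
    return bytes(a ^ b for a, b in zip(masked, mask))


def validate(submitted: str, session_token: bytes) -> bool:
    """Constant-time comparison of the unmasked value with the session token."""
    recovered = unmask_token(submitted)
    return recovered is not None and hmac.compare_digest(recovered, session_token)


if __name__ == "__main__":
    tok = new_session_token()
    a, b = mask_token(tok), mask_token(tok)
    print(a != b, validate(a, tok), validate(b, tok))
```

Masking protects only the token; other secrets reflected in a compressed response body need their own handling.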