How to prevent BREACH attack in ASP.NET MVC Core?
问题 I have been advised to implement the following items in our ASP.NET MVC Core site to prevent a BREACH attack. How do you implement them? Separate the secrets from the user input. Randomize the secrets in each client request. Mask secrets (effectively randomizing by XORing with a random secret per request). Obfuscate the length of web responses by adding random amounts of arbitrary bytes. We have already implemented Anti-Cross Site Forgery Tokens on every form and turned off Http Level