Project

General

Profile

Actions

Feature #2078

open

HTTP Basic authentication for feeds

Added by Ismael Juma about 16 years ago. Updated about 10 years ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
Feeds
Target version:
-
Start date:
2008-10-24
Due date:
% Done:

0%

Estimated time:
Resolution:

Description

Hi,

First of all, let me say that Redmine is a great product. However, I recently noticed that the feed URLs generated by Redmine include the key necessary to grant access to the content. I am not too comfortable with this solution because I am afraid that users will pass URLs around causing a security issue.

It would be nice to have the possibility to use HTTP Basic authentication instead. Coupled with SSL, it is a simple approach that works with many feed readers and doesn't have the aforementioned issue. I am not particularly familiar with Ruby on Rails, but according to this blog entry1, it seems like an easy thing to do.

[1] http://www.rorsecurity.info/journal/2007/10/18/http-authentication-and-feed-security.html

Actions #1

Updated by Mischa The Evil about 10 years ago

This has also been discussed in the forums, see How do I remove/disable atom rss feed.

Actions

Also available in: Atom PDF