Feature #2078
HTTP Basic authentication for feeds
Status: | New | Start date: | 2008-10-24 | |
---|---|---|---|---|
Priority: | Normal | Due date: | ||
Assignee: | - | % Done: | 0% | |
Category: | Feeds | |||
Target version: | - | |||
Resolution: |
Description
Hi,
First of all, let me say that Redmine is a great product. However, I recently noticed that the feed URLs generated by Redmine include the key necessary to grant access to the content. I am not too comfortable with this solution because I am afraid that users will pass URLs around causing a security issue.
It would be nice to have the possibility to use HTTP Basic authentication instead. Coupled with SSL, it is a simple approach that works with many feed readers and doesn't have the aforementioned issue. I am not particularly familiar with Ruby on Rails, but according to this blog entry1, it seems like an easy thing to do.
[1] http://www.rorsecurity.info/journal/2007/10/18/http-authentication-and-feed-security.html
History
#1
Updated by Mischa The Evil over 7 years ago
This has also been discussed in the forums, see
.