Details
- Suggestion
- Resolution: Duplicate
Description
Currently, if you run a locked-down (login required) server, you need to use your username and password to retrieve RSS feeds. When using a 3rd party reader (such as Google Reader) this inevitably means exposing your global username and password.
Fisheye solves this by generating a hash during a user login which is then stored with the user details. Only URLs containing this hash will authenticate. Deleting this hash from the DB is effectively a global logout. An additional bonus is that you can create hashes on a per-resource basis; you could create a hash for the RSS feed and one to enable an attachment to be accessible externally (e.g. an image) and the compromise of one does not mean the compromise of the other.
Issue Links
- duplicates: CONFSERVER-4329 Token-based authentication for RSS (Closed)
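The per-resource token scheme outlined in the description, as an added sketch (not Fisheye's or Confluence's code). It assumes a random URL token of which only a SHA-256 digest is stored with the user; the class, user and resource names are hypothetical.

```python
import hashlib
import hmac
import secrets


class ResourceTokenStore:
    """Hypothetical store: one URL token per (user, resource) pair.

    Only a SHA-256 digest of each token is kept, so a leaked table does not
    hand out working feed URLs, and the account password is never involved.
    """

    def __init__(self):
        self._digests = {}  # (user, resource) -> hex digest of the token

    @staticmethod
    def _digest(token):
        return hashlib.sha256((token or "").encode()).hexdigest()

    def issue(self, user, resource):
        """Create (or rotate) the token for this user and resource."""
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._digests[(user, resource)] = self._digest(token)
        return token  # shown once, e.g. appended to the feed URL

    def authenticate(self, resource, token):
        """Return the owning user if the token is valid for this resource."""
        presented = self._digest(token)
        owner = None
        for (user, res), stored in self._digests.items():
            # Constant-time comparison; the resource must match as well, so
            # a feed token cannot be replayed against an attachment.
            if res == resource and hmac.compare_digest(stored, presented):
                owner = user
        return owner

    def revoke(self, user, resource=None):
        """Drop one token, or every token of the user (the global logout)."""
        for key in [k for k in self._digests
                    if k[0] == user and resource in (None, k[1])]:
            del self._digests[key]


if __name__ == "__main__":
    store = ResourceTokenStore()
    feed = store.issue("alice", "rss")                      # constructed names
    print(store.authenticate("rss", feed))                  # token owner
    print(store.authenticate("attachment:42", feed))        # wrong resource
```

Because the token travels in the URL, it will appear in reader configurations and access logs; rotating it with `issue` or dropping it with `revoke` limits the exposure to that one resource.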