Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-8510

Secure, passwordless RSS feeds

    XMLWordPrintable

Details

    • Suggestion
    • Resolution: Duplicate
    • None
    • None
    • All
    • We collect Confluence feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

    Description

      Currently if you run locked-down (login required) server you need to use your username and password to retrieve RSS feeds. When using a 3rd party reader (such as Google Reader) this inevitably means exposing your global username and password.

      Fisheye solves this by generating a hash during a user login which is then stored with the user details. Only URLS containing this hash will authenticate. Deleting this hash from the DB is effectively a global logout. An additional bonus is that you can create hashes on a per-resource basis; you could create a hash for the RSS feed and one to enable an attachment to be accessible externally (e.g. an image) and the compromise of one does not mean the compromise of the other.

      Attachments

        Issue Links

          duplicates

          Suggestion - CONFSERVER-4329 Token-based authentication for RSS

          • Closed

          Activity

            People

              Unassigned Unassigned
              ssmith Steve Smith (Inactive)
              Votes:
              4 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: