[CONFSERVER-8510] Secure, passwordless RSS feeds

Type: Suggestion
Resolution: Duplicate
Fix Version/s: None
Component/s: None
Labels:
- rss/atom-feeds
Environment:
All

Feedback Policy:

We collect Confluence feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

Currently if you run locked-down (login required) server you need to use your username and password to retrieve RSS feeds. When using a 3rd party reader (such as Google Reader) this inevitably means exposing your global username and password.

Fisheye solves this by generating a hash during a user login which is then stored with the user details. Only URLS containing this hash will authenticate. Deleting this hash from the DB is effectively a global logout. An additional bonus is that you can create hashes on a per-resource basis; you could create a hash for the RSS feed and one to enable an attachment to be accessible externally (e.g. an image) and the compromise of one does not mean the compromise of the other.

duplicates

CONFSERVER-4329 Token-based authentication for RSS

Closed

AudraA added a comment - 12/Oct/2009 11:15 PM

Dupe of ~~CONF-4329~~, consolidating to one issue. Please vote & comment on ~~CONF-4329~~.

AudraA added a comment - 12/Oct/2009 11:15 PM Dupe of CONF-4329 , consolidating to one issue. Please vote & comment on CONF-4329 .

Assignee:: Unassigned

Reporter:: Steve Smith (Inactive)

Votes:: 4 Vote for this issue

Watchers:: 5 Start watching this issue

Created:: 16/May/2007 5:19 AM

Updated:: 19/Sep/2019 5:23 AM

Resolved:: 12/Oct/2009 11:15 PM

Details

Description

Attachments

Issue Links

Forms

Activity

Collapse comment: AudraA added a comment - 12/Oct/2009 11:15 PM

Expand comment: AudraA added a comment - 12/Oct/2009 11:15 PM

People

Dates