DanielX on Aug 30. 2007. 12:27 am
It seems anyone on the net can view what they like and add what they like anonymously... especially through the RSS feed.

As I don't want outsiders earwigging on clients etc., how do I make sure only account holders can get in?
DanielX on Aug 30. 2007. 12:35 am
Also, how do I take out the RSS links?
Ilija Studen on Aug 30. 2007. 5:38 am
RSS links are protected with tokens so it is not true that anyone can access them.

Also, RSS is read-only technology. You cannot use RSS to alter or delete anything in activeCollab.

Have fun! :)
activeCollab team member
DanielX on Aug 30. 2007. 8:38 pm
That's reassuring - but I was able to copy the RSS link to the Opera browser and it didn't ask me to log in, it just gave me direct access.
Ilija Studen on Aug 31. 2007. 6:05 am
That is because authentication data is included in the URL.

Try to remove the token variable from the URL, copy it to Opera and then try to log in. Now try to guess your token.
activeCollab team member
DanielX on Sep 2. 2007. 12:19 am
So does that mean that all anyone needs to have access is to have a copy of the RSS link?
Ilija Studen on Sep 2. 2007. 6:06 am
Yes - the same way as someone needs a copy of your password to access the entire system :)

The token is generated randomly per user, it is changed every time the user changes the password, and RSS and iCal URLs are generated for the logged-in user only. If you don't trust the system that everyone is using without any problems, you can alter FeedController and make all actions unusable.
activeCollab team member
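
The token scheme described in the reply above (random per user, rotated on password change, read-only feed), as an added Python example that is not activeCollab's code. The class, method names and user id are hypothetical, and storing only a hash of the token is an assumption the thread does not state.

```python
import hashlib
import hmac
import secrets


class FeedTokens:
    """Hypothetical store for per-user feed tokens (not activeCollab code)."""

    def __init__(self):
        self._digests = {}  # user_id -> SHA-256 hex digest of the current token

    def issue(self, user_id):
        # 32 bytes from the OS CSPRNG, so the token cannot be guessed.
        token = secrets.token_urlsafe(32)
        # Assumption: keep only a hash, so a database leak does not expose feed URLs.
        self._digests[user_id] = hashlib.sha256(token.encode()).hexdigest()
        return token

    def on_password_change(self, user_id):
        # Rotation invalidates every feed URL copied before the change.
        return self.issue(user_id)

    def authorize(self, user_id, token, method="GET"):
        # The feed is read-only: refuse anything but GET, and refuse empty tokens.
        if method != "GET" or not token:
            return False
        expected = self._digests.get(user_id)
        if expected is None:
            return False
        supplied = hashlib.sha256(token.encode()).hexdigest()
        # Constant-time comparison avoids leaking how many characters matched.
        return hmac.compare_digest(supplied, expected)


def demo():
    store = FeedTokens()
    old = store.issue("user-1")  # constructed sample user id
    results = {
        "with_token": store.authorize("user-1", old),
        "without_token": store.authorize("user-1", ""),
        "guessed": store.authorize("user-1", "letmein"),
        "write_attempt": store.authorize("user-1", old, method="POST"),
    }
    new = store.on_password_change("user-1")
    results["old_after_rotation"] = store.authorize("user-1", old)
    results["new_after_rotation"] = store.authorize("user-1", new)
    return results


if __name__ == "__main__":
    print(demo())
```

Because the token travels in the URL, it also lands in browser history and in proxy and web server logs, so a feed link deserves the same handling as a password.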
Topic is locked. If you have something important to say about issues discussed on this page please write at hi@a51dev.com.