aC forum: RSS not protected?

Post #5 by Ilija Studen

Ilija Studen — Tue, 07 Aug 2007 05:58:55 CDT

Yeah, visit to RSS feed with a proper token will create a new session for you.

We fixed that problem in activeCollab 1.0. Logging in with token gives you access only for that request.

Post #4 by WhiskI

WhiskI — Tue, 07 Aug 2007 05:55:39 CDT

The problem is maybe on the other side - checking RSS made me automaticaly logged and via web browser I don't need to login!
So as far as my RSS reader is running, anybody at my computer has my (admin) rights without need to login to AC :(
It's not a big problem, but I want to warn...
(sorry for anglisch :)

Post #3 by suntrop

suntrop — Tue, 07 Aug 2007 03:10:35 CDT

Ok, thanks for your answer. I didn't know that :-)

Post #2 by Ilija Studen

Ilija Studen — Fri, 03 Aug 2007 09:04:35 CDT

RSS is protected with a password based token that is used to authenticate user and serve only the data he or she can see.

To see what I am talking about try to access RSS feed without knowing that weird 40 letters long parameter in the URL.

Post #1 by suntrop

suntrop — Fri, 03 Aug 2007 08:59:04 CDT

Hi,

I've noticed that the RSS Feed isn't password protected so anybody on the web could actually see what is going on and what I have done. Maybe this is good for some reasons and customers can see the latest changes, but not for me and my company. Is there a chance to stop the RSS Feed or is it planned to protect this?

Thanks for your answer.

regards
- Sebastian -