This one's got a fix that was verified and code-reviewed, but now the rebase causes conflicts. So, we should try to get it straightened out for inclusion in 1.8.0, and 1.7.1 (since leaving sensitive information unencrypted is a security problem).
** Changed in: mahara Importance: Medium => High ** Changed in: mahara Milestone: 1.7.0 => 1.8.0 ** Changed in: mahara Importance: High => Critical -- You received this bug notification because you are a member of Mahara Contributors, which is subscribed to Mahara. Matching subscriptions: Subscription for all Mahara Contrib members https://bugs.launchpad.net/bugs/1016253 Title: Authenticated RSS feeds should encrypt login credentials Status in Mahara ePortfolio: In Progress Bug description: The externalfeed block should protect user credentials when authenticated RSS feeds are used. The blocktype in Mahara 1.5.1 appears to store login credentials in cleartext within the database. This presents an unfortunate vulnerability that could give access to other systems should Mahara's database be compromised. To manage notifications about this bug go to: https://bugs.launchpad.net/mahara/+bug/1016253/+subscriptions _______________________________________________ Mailing list: https://launchpad.net/~mahara-contributors Post to : mahara-contributors@lists.launchpad.net Unsubscribe : https://launchpad.net/~mahara-contributors More help : https://help.launchpad.net/ListHelp