This one's got a fix that was verified and code-reviewed, but now the
rebase causes conflicts. So, we should try to get it straightened out
for inclusion in 1.8.0, and 1.7.1 (since leaving sensitive information
unencrypted is a security problem).
** Changed in: mahara
Importance: Medium => High
** Changed in: mahara
Milestone: 1.7.0 => 1.8.0
** Changed in: mahara
Importance: High => Critical
--
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contrib members
https://bugs.launchpad.net/bugs/1016253
Title:
Authenticated RSS feeds should encrypt login credentials
Status in Mahara ePortfolio:
In Progress
Bug description:
The externalfeed block should protect user credentials when
authenticated RSS feeds are used. The blocktype in Mahara 1.5.1
appears to store login credentials in cleartext within the database.
This presents an unfortunate vulnerability that could give access to
other systems should Mahara's database be compromised.
To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1016253/+subscriptions
_______________________________________________
Mailing list: https://launchpad.net/~mahara-contributors
Post to : mahara-contributors@lists.launchpad.net
Unsubscribe : https://launchpad.net/~mahara-contributors
More help : https://help.launchpad.net/ListHelp
