** Information type changed from Private Security to Public Security
** Changed in: mahara/1.5
Milestone: None => 1.5.10
** Changed in: mahara/1.6
Milestone: None => 1.6.5
** Changed in: mahara/1.7
Milestone: None => 1.7.1
** Changed in: mahara/1.5
Status: Fix Committed => Fi
This one's got a fix that was verified and code-reviewed, but now the
rebase causes conflicts. So, we should try to get it straightened out
for inclusion in 1.8.0, and 1.7.1 (since leaving sensitive information
unencrypted is a security problem).
** Changed in: mahara
Importance: Medium => High
For testing:
URL: http://ptcjsc.com/wp/?feed=rss2
Username: tester
Password: qwe123
--
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
https://bugs.launchpad.net/bugs/1016253
Title:
Authenticated RSS feeds should encrypt login
Hi Kristina;
I will create an authenticated RSS for you to test.
--
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
https://bugs.launchpad.net/bugs/1016253
Title:
Authenticated RSS feeds should encrypt login credentials
Statu
Do you have an RSS feed with credentials that can be used for testing,
Son?
--
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
https://bugs.launchpad.net/bugs/1016253
Title:
Authenticated RSS feeds should encrypt login credenti
** Changed in: mahara
Milestone: 1.6.0 => 1.7.0
--
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
https://bugs.launchpad.net/bugs/1016253
Title:
Authenticated RSS feeds should encrypt login credentials
Status in Mahara eP
https://reviews.mahara.org/#/c/1440/
--
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
https://bugs.launchpad.net/bugs/1016253
Title:
Authenticated RSS feeds should encrypt login credentials
Status in Mahara ePortfolio:
In
** Changed in: mahara
Assignee: (unassigned) => Son Nguyen (ngson2000)
** Changed in: mahara
Status: Confirmed => In Progress
--
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
https://bugs.launchpad.net/bugs/1016253
** Changed in: mahara
Milestone: None => 1.6.0
** Changed in: mahara
Status: Triaged => Confirmed
--
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
https://bugs.launchpad.net/bugs/1016253
Title:
Authenticated RSS f
** Changed in: mahara
Status: New => Triaged
** Changed in: mahara
Importance: Undecided => Medium
--
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
https://bugs.launchpad.net/bugs/1016253
Title:
Authenticated RSS f
The scope of this is a bit larger than the LDAP credentials, given the
potential variety in accessible domains.
One could potentially use key-based encryption, storing the key in
config.php, using mcrypt. It wouldn't be bulletproof, but it would
prevent against SQL injection attacks or misplaced
This is similar to https://bugs.launchpad.net/mahara/+bug/611045 - if
it's not stored in cleartext, the feed can't be updated later. I guess
there could be an option to grab the feed once only on block
configuration, then throw the password away, but I think the default
should be to store and do u
** Description changed:
The externalfeed block should protect user credentials when
- authenticated RSS feeds are used. The blocktype in Mahara 1.8.1 appears
+ authenticated RSS feeds are used. The blocktype in Mahara 1.5.1 appears
to store login credentials in cleartext within the database.
13 matches
Mail list logo
