Comment 0 for bug 1016253
Revision history for this message
| Darren James Harkness (darren-athabascau) wrote Authenticated RSS feeds should encrypt login credentials | #0 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
1b1ed1a
(Get the code!)
The externalfeed block should protect user credentials when authenticated RSS feeds are used. The blocktype in Mahara 1.8.1 appears to store login credentials in cleartext within the database.
This presents an unfortunate vulnerability that could give access to other systems should Mahara's database be compromised.