The externalfeed block should protect user credentials when authenticated RSS feeds are used. The blocktype in Mahara 1.8.1 appears to store login credentials in cleartext within the database.
This presents an unfortunate vulnerability that could give access to other systems should Mahara's database be compromised.
The externalfeed block should protect user credentials when authenticated RSS feeds are used. The blocktype in Mahara 1.8.1 appears to store login credentials in cleartext within the database.
This presents an unfortunate vulnerability that could give access to other systems should Mahara's database be compromised.