Comment 10 for bug 1016253

Revision history for this message
Aaron Wells (u-aaronw) wrote : Re: Authenticated RSS feeds should encrypt login credentials

And here's the fix to issue #2 mention in my previous comment, "Don't send the plaintext passwords (and/or usernames and/or URLs) to the user's browser:

https://reviews.mahara.org/2096

I think we should push this with the security release early this week, and we can work on encrypting them in the database for the next release.