Comment 8 for bug 1016253
Revision history for this message
| Aaron Wells (u-aaronw) wrote Re: Authenticated RSS feeds should encrypt login credentials | #8 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
f33e652
(Get the code!)
Hm, there are actually two pieces to this bug, which can be implemented separately.
1. Encrypt the RSS feed passwords (and usernames? and maybe even URLs?) in the database, so that a SQL injection vuln that allows people to read the DB won't expose the passwords.
2. Don't send the plaintext passwords (and/or usernames and/or URLs) to the user's browser, so that people who gain access to their account won't be able to read them.