#1724 closed defect (worksforme)
Revision Log RSS can be read without authentication
Reported by: | anonymous | Owned by: | Jonas Borgström |
---|---|---|---|
Priority: | normal | Milestone: | |
Component: | version control/log view | Version: | devel |
Severity: | normal | Keywords: | |
Cc: | Branch: | ||
Release Notes: | |||
API Changes: | |||
Internal Changes: |
Description
I am not sure this is a huge deal, I thought I would report it anyway. I have permissions to browse the source to require authentication. When I decided to add the RSS feed of the trunk's revision log to my reader, I noticed that it did not ask me for any authentication. It was able to read the feed with no problems, but I needed to authenticate when I clicked on the Read On link.
Not a big security risk since I needed to authenticate to get to the RSS feed link to begin with, but some may not like it.
Attachments (0)
Change History (2)
comment:1 by , 19 years ago
Resolution: | → worksforme |
---|---|
Status: | new → closed |
comment:2 by , 19 years ago
Also, be sure to read #540 to see the discussion of some of the issues regarding RSS with authentication.
This works fine for me. Maybe your RSS reader cached the authentication information when subsribing to another feed on the site. Also double-check your permissions to see how they're set up. The revision log access is based on the LOG_VIEW permission, so check that this is what you're configuring.