Edgewall Software
Modify

Opened 19 years ago

Closed 19 years ago

Last modified 10 years ago

#1724 closed defect (worksforme)

Revision Log RSS can be read without authentication

Reported by: anonymous Owned by: Jonas Borgström
Priority: normal Milestone:
Component: version control/log view Version: devel
Severity: normal Keywords:
Cc: Branch:
Release Notes:
API Changes:
Internal Changes:

Description

I am not sure this is a huge deal, I thought I would report it anyway. I have permissions to browse the source to require authentication. When I decided to add the RSS feed of the trunk's revision log to my reader, I noticed that it did not ask me for any authentication. It was able to read the feed with no problems, but I needed to authenticate when I clicked on the Read On link.

Not a big security risk since I needed to authenticate to get to the RSS feed link to begin with, but some may not like it.

Attachments (0)

Change History (2)

comment:1 by Matthew Good, 19 years ago

Resolution: worksforme
Status: newclosed

This works fine for me. Maybe your RSS reader cached the authentication information when subsribing to another feed on the site. Also double-check your permissions to see how they're set up. The revision log access is based on the LOG_VIEW permission, so check that this is what you're configuring.

comment:2 by Matthew Good, 19 years ago

Also, be sure to read #540 to see the discussion of some of the issues regarding RSS with authentication.

Modify Ticket

Change Properties
Set your email in Preferences
Action
as closed The owner will remain Jonas Borgström.
The resolution will be deleted. Next status will be 'reopened'.
to The owner will be changed from Jonas Borgström to the specified user.

Add Comment


E-mail address and name can be saved in the Preferences .
 
Note: See TracTickets for help on using tickets.