Re: [Semanticscuttle-devel] Functionality: Private RSS, rsscount, rss and page fixes
From: Christian W. <cw...@cw...> - 2010-01-19 10:36:00
Hello whateveryournameis,

> > What I did not implement and will not implement:
> > - private rss feeds by appending an extra parameter. Private rss
> >   feeds itself: yes, but not that parameter.
> > Reason for this is, that by using http basic auth with
> > http://user:pass@host/..., we have something that's well-known and
> > working. Downside is that it can be sniffed when used over an
> > insecure network connection.
>
> As is now, I agree that both cookiehash and http auth for private rss
> feeds are insecure. The reasoning behind allowing access to private
> feeds via some sort of hash in the query parameter is compatibility
> with various aggregators.

Yep, some aggregators do not support http basic auth, which is a shame.

> Delicious does the same thing, however I
> don't believe that its hash is in any way related to the username or
> password. Ideally both the hash and the cookie hashes would be
> randomly generated and stored, however that would require a bit of
> editing to the core auth system (adding a session table and a cleanup
> function). This may be a viable temporary measure: md5sum the cookie
> hash (which is an md5sum of user+pass). This hash would -only- grant
> access to one's private feed and not one's entire account - unless
> there's something broken with md5sum(md5sum(data)).

We'd better have a completely separate type of login here that only
allows access to rss feeds and does not give you a valid session.
I'll see what I can do about that.

> > > "The links displayed in bookmark listings no longer prepend
> > > url_redir "
> > - I did not see that change in your patch. You can already disable
> >   that in the configuration options globally. Enabling it only for
> >   RSS feeds is not a sensible option in my eyes.
>
> Actually what I did was edit bookmarks.php to not -display-
> url_redir.
> (a href=URL_REDIR+URL)URL(/a) as opposed to (a
> href=URL_REDIR+URL)URL_REDIR+URL(/a)

I saw the patch in #2934868 which is fine for me now that you explained it :)

-- 
Regards/Mit freundlichen Grüßen
Christian Weiske

-= Geeking around in the name of science since 1982 =-
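Added illustration, not code from SemanticScuttle or from either poster: the two feed-access options discussed in this thread side by side in Python. Variant A is the interim proposal, a feed token computed as md5(md5(user+pass)); Variant B is the "completely separate type of login" the reply asks for, a random token that is stored only as a hash, is accepted solely on the RSS endpoint, never counts as a session, and can be revoked without touching the password. The in-memory USERS table, the field names, the paths /rss.php and /bookmarks.php and the query parameters user and token are assumptions made for this example.

```python
import hashlib
import hmac
import secrets

# Constructed stand-in for the user table; the real project keeps this in
# its database.  Field names are assumptions made for this example.
USERS = {}


def md5hex(text: str) -> str:
    return hashlib.md5(text.encode()).hexdigest()


def register(username: str, password: str) -> None:
    USERS[username] = {
        # The thread describes the cookie hash as an md5sum of user+pass.
        "cookie_hash": md5hex(username + password),
        # SHA-256 of the separate feed token; None until one is issued.
        "feed_token_hash": None,
    }


# Variant A: token = md5(cookie hash) = md5(md5(user+pass)).
# Anyone holding the cookie hash can compute it, and it cannot be
# revoked or rotated without changing the password.
def derived_feed_token(username: str) -> str:
    return md5hex(USERS[username]["cookie_hash"])


# Variant B: a separate feed-only credential.  Random, stored only as a
# hash, revocable on its own, and not a session.
def issue_feed_token(username: str) -> str:
    token = secrets.token_urlsafe(32)
    USERS[username]["feed_token_hash"] = hashlib.sha256(token.encode()).hexdigest()
    return token


def revoke_feed_token(username: str) -> None:
    USERS[username]["feed_token_hash"] = None


def check_feed_token(username: str, token: str) -> bool:
    record = USERS.get(username)
    if record is None or record["feed_token_hash"] is None:
        return False
    candidate = hashlib.sha256(token.encode()).hexdigest()
    # Constant-time comparison so the check does not leak matching prefixes.
    return hmac.compare_digest(record["feed_token_hash"], candidate)


def handle_request(path: str, query: dict) -> tuple:
    """Tiny dispatcher: the feed token is honoured on the RSS endpoint only.

    Returns (status, body).  Paths and parameter names are assumptions.
    """
    username = query.get("user", "")
    token = query.get("token", "")
    if path == "/rss.php":
        if check_feed_token(username, token):
            return 200, "private feed for " + username
        return 401, "feed token missing or invalid"
    # Every other page needs a real session; the feed token is not one,
    # so it is never even consulted here.
    return 401, "login required"


def scenario() -> dict:
    """Walk through issue / use / misuse / revoke and return the outcomes."""
    USERS.clear()
    register("alice", "hunter2")
    token = issue_feed_token("alice")
    expected_derived = md5hex(md5hex("alicehunter2"))
    result = {
        "feed_ok": handle_request("/rss.php", {"user": "alice", "token": token})[0],
        "feed_bad_token": handle_request("/rss.php", {"user": "alice", "token": "guess"})[0],
        "feed_no_user": handle_request("/rss.php", {"token": token})[0],
        "not_a_session": handle_request("/bookmarks.php", {"user": "alice", "token": token})[0],
        # Variant A is computable by anyone who knows user+pass or the cookie hash.
        "derived_is_computable": derived_feed_token("alice") == expected_derived,
    }
    revoke_feed_token("alice")
    result["feed_after_revoke"] = handle_request("/rss.php", {"user": "alice", "token": token})[0]
    # Variant A has no revocation: the value is unchanged after "revoking".
    result["derived_after_revoke"] = derived_feed_token("alice") == expected_derived
    return result


if __name__ == "__main__":
    for name, value in scenario().items():
        print(name, value)
```

The point of the dispatcher is the one the reply makes: the feed credential is checked only where a feed is served, so a sniffed or leaked token yields the feed and nothing else, and revoking it does not touch the account password.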