mahara-contributors team mailing list archive

Thread
Date

[Bug 1016253] Re: Authenticated RSS feeds should encrypt login credentials

To: mahara-contributors@xxxxxxxxxxxxxxxxxxx
From: Richard Mansfield <1016253@xxxxxxxxxxxxxxxxxx>
Date: Thu, 21 Jun 2012 23:29:25 -0000
Reply-to: Bug 1016253 <1016253@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

This is similar to https://bugs.launchpad.net/mahara/+bug/611045 - if
it's not stored in cleartext, the feed can't be updated later.  I guess
there could be an option to grab the feed once only on block
configuration, then throw the password away, but I think the default
should be to store and do updates.

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
https://bugs.launchpad.net/bugs/1016253

Title:
  Authenticated RSS feeds should encrypt login credentials

Status in Mahara ePortfolio:
  New

Bug description:
  The externalfeed block should protect user credentials when
  authenticated RSS feeds are used.  The blocktype in Mahara 1.5.1
  appears to store login credentials in cleartext within the database.

  This presents an unfortunate vulnerability that could give access to
  other systems should Mahara's database be compromised.

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1016253/+subscriptions

References

[Bug 1016253] [NEW] Authenticated RSS feeds should encrypt login credentials
From: Darren James Harkness, 2012-06-21