Forums » Open discussion »
RSS access key and security problem
Added by Anh Kỳ Huỳnh about 15 years ago
Hello all,
Someone who uses Redmine may like to use RSS access key to track the issues' statuses via RSS reader. I think that the problem may be caused here.
Assuming that I join some projects which are private. I may access the issue listing via RSS like this
some_path/projects/redmine/issues?format=atom&key=RSS_KEY
Such accessing may be logged by web server and proxy server. If a black hacker views the access logs he clearly know my RSS access key and he will use that key to know almost everything from my private projects.
I am afraid that using RSS access key will cause security hole.
What do you think about this issue?
PS: sorry for my bad English.
If he hacks your server for your redmine information he'll probably dump and steal the database instead of reading access log. The password are in config directory.
I don't see this as a problem really.
/T
RE: RSS access key and security problem
-
Added by Thomas Pihl about 15 years ago