View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0026330 | mantisbt | documentation | public | 2019-11-05 20:36 | 2019-11-06 03:30 |
Reporter | anfrind | Assigned To | |||
Priority | normal | Severity | minor | Reproducibility | N/A |
Status | confirmed | Resolution | open | ||
Summary | 0026330: Configuration option to disable RSS | ||||
Description | For a user to subscribe to their personal RSS feed, their RSS reader must submit a GET request that includes their username and a unique key. This may be a security risk, as the username and key could be inadvertently saved to server logs, proxy logs, and if HTTPS is not used, they may be visible to network monitoring tools (e.g. Wireshark). It would be nice if there were a configuration option to disable RSS entirely, thereby eliminating it as a potential attack vector. | ||||
Tags | No tags attached. | ||||
There is a configuration option Like some more options, it's not documented in the Admin Guide. |
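The log exposure raised in the description can be found and cleaned up after the fact. The following is an added example, not MantisBT code and not from the reporter or the commenter: it flags access-log lines that carry feed credentials in the query string and redacts them. The parameter names `username` and `key`, the feed path and the log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, urlencode

# Assumed parameter names, taken from the description ("username and a unique key").
SENSITIVE = {"username", "key"}
# Request part of a common/combined-format access-log line.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/[\d.]+)"')

def redact_target(target):
    """Return (redacted_target, leaked): leaked is the set of sensitive params present."""
    parts = urlsplit(target)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    leaked = {k.lower() for k, _ in pairs if k.lower() in SENSITIVE}
    if not leaked:
        return target, leaked
    clean = [(k, "REDACTED" if k.lower() in SENSITIVE else v) for k, v in pairs]
    return parts._replace(query=urlencode(clean)).geturl(), leaked

def scrub_log(lines):
    """Redact feed credentials in access-log lines and report which lines held them."""
    out, findings = [], []
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if m:
            redacted, leaked = redact_target(m.group("target"))
            if leaked:
                findings.append((n, sorted(leaked)))
                line = line[:m.start("target")] + redacted + line[m.end("target"):]
        out.append(line)
    return out, findings

# Constructed sample lines; the feed path is a placeholder, not a real endpoint name.
SAMPLE = [
    '192.0.2.10 - - [05/Nov/2019:20:40:01 +0000] '
    '"GET /feed-placeholder.php?username=alice&key=3f9c1a7e&project_id=2 HTTP/1.1" 200 5120',
    '192.0.2.11 - - [05/Nov/2019:20:41:13 +0000] "GET /index.html HTTP/1.1" 200 8841',
]

if __name__ == "__main__":
    cleaned, hits = scrub_log(SAMPLE)
    print("\n".join(cleaned))
    print("lines with feed credentials:", hits)
```

Every key reported this way should be treated as exposed and regenerated, since redacting the log does not undo copies already held by proxies or backups.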