10 messages in com.mysql.lists.eventum-usersRe: RSS feed| From | Sent On | Attachments |
|---|---|---|
| Joey Moe | 20 Jul 2005 10:29 | |
| Joao Prado Maia | 20 Jul 2005 12:44 | |
| Randy Norwood | 21 Jul 2005 11:17 | |
| Joao Prado Maia | 21 Jul 2005 11:57 | |
| Randy Norwood | 21 Jul 2005 12:30 | |
| Joao Prado Maia | 28 Jul 2005 11:46 | |
| Reuven Nisser | 29 Jul 2005 03:05 | |
| Joao Prado Maia | 29 Jul 2005 19:07 | |
| Dn. Kirill Sokolov | 12 Sep 2005 09:32 | |
| Joao Prado Maia | 12 Sep 2005 09:34 |
| Subject: | Re: RSS feed |
|---|---|
| From: | Randy Norwood (rand...@ttu.edu) |
| Date: | 07/21/2005 12:30:15 PM |
| List: | com.mysql.lists.eventum-users |
Joao:
I tried clicking the RSS icon, and it behaved the same way.
When I click the icon or go to the feed URL, a browser authentication dialog pops up that says "Enter username and password for '' at [hostname]." Note the empty quotes after "for".
I fill it in and submit it, it fails, and then another authentication dialog comes up. It's the same as the first, except that the empty quotes are filled in with the local customized name we've given to Eventum.
On the confidentiality issue, given the type of information being tracked, we don't need to worry about that very much. So, can authentication be easily bypassed (without bypassing Eventum's main authentication)?
Thanks
Randy
On 07/21/05 1:57 PM, "Joao Prado Maia" <jp...@mysql.com> wrote:
Randy,
Is it feasible to disable the authentication requirement for viewing the RSS feed?
It is possible to remove that requirement, but that would make it open for other people to see potential confidential information by simply "guessing" the URL:
http://domain.com/eventum-path/rss.php?custom_id=NUMBER_HERE
Also, when I did try to authenticate, it wouldn't accept my normal Eventum login (email address and password).
Strange. I just tried it myself on my development environment and everything worked fine. Can you simply click the orange RSS icon on the web interface with your browser and see if it works there?
--Joao