I’m testing the RSS feeds feature in RT and noticed that I can update
the feed results in my RSS reader without logging into RT. I’m
guessing this is related to the “NoAuth” that is embedded in the feed
location URL. Is there a way to secure all RT RSS feeds so that the
user is prompted for their credentials the first time they update the
feed during a browser/reader session?
Thanks-
Lee
I’m testing the RSS feeds feature in RT and noticed that I can update
the feed results in my RSS reader without logging into RT. I’m guessing
this is related to the “NoAuth” that is embedded in the feed location
URL. Is there a way to secure all RT RSS feeds so that the user is
prompted for their credentials the first time they update the feed
during a browser/reader session?
Feeds are secured by a secret auth token in the URL. They are
authenticated for each user, and this way your feed reader doesn’t need
to handle authentication (which it can’t possibly do in every case for
every app). As such, feed URLs should be regarded as private.
If a user believes their feed URLs compromised, they can reset their
authentication token at the bottom of /User/Prefs.html.
Thomas