View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0026330||mantisbt||documentation||public||2019-11-05 20:36||2019-11-06 03:30|
|Summary||0026330: Configuration option to disable RSS|
For a user to subscribe to their personal RSS feed, their RSS reader must submit a GET request that includes their username and a unique key. This may be a security risk, as the username and key could be inadvertently saved to server logs, proxy logs, and if HTTPS is not used, they may be visible to network monitoring tools (e.g. Wireshark).
It would be nice if there were a configuration option to disable RSS entirely, thereby eliminating it as a potential attack vector.
|Tags||No tags attached.|
There is configuration option
Like some more options, it's not docummented in Admin Guide.