On 18 Jan 2011 19:29, Lee Hughes wrote: > I'm testing the RSS feeds feature in RT and noticed that I can update > the feed results in my RSS reader without logging into RT. I'm guessing > this is related to the "NoAuth" that is embedded in the feed location > URL. Is there a way to secure all RT RSS feeds so that the user is > prompted for their credentials the first time they update the feed > during a browser/reader session?
Feeds are secured by a secret auth token in the URL. They are authenticated for each user, and this way your feed reader doesn't need to handle authentication (which it can't possibly do in every case for every app). As such, feed URLs should be regarded as private. If a user believes their feed URLs compromised, they can reset their authentication token at the bottom of /User/Prefs.html. Thomas
