HTTP authentication for TTRSS #133

Closed
opened 6 years ago by jking · 0 comments
jking commented 6 years ago
Owner

Normally TTRSS does not make use of HTTP authentication, but most clients can be configured to answer HTTP challenges. While the administrator can simply enforce HTTP authentication before handing off the request to PHP, implementing authentication in the TTRSS handler itself has some advantages:

  1. The Arsse may have readier access to credentials
  2. It's possible to prevent information leakage via feed icons not only from the public, but between authenticated users
  3. Authentication can be generalized and the userPreAuth setting honoured in TTRSS as well
Normally TTRSS does not make use of HTTP authentication, but most clients can be configured to answer HTTP challenges. While the administrator can simply enforce HTTP authentication before handing off the request to PHP, implementing authentication in the TTRSS handler itself has some advantages: 1. The Arsse may have readier access to credentials 2. It's possible to prevent information leakage via feed icons not only from the public, but between authenticated users 3. Authentication can be generalized and the `userPreAuth` setting honoured in TTRSS as well
jking added this to the Omitted features milestone 6 years ago
jking added the
enhancement
label 6 years ago
jking removed the due date 0000-12-31 6 years ago
jking closed this issue 6 years ago
jking modified the milestone from Omitted features to 0.4.0 5 years ago
Sign in to join this conversation.
No Milestone
No Assignees
1 Participants
Notifications
Due Date

No due date set.

Dependencies

This issue currently doesn't have any dependencies.

Loading…
There is no content yet.