Security Problem – Password protected blogs show up in RSS

  • Author
    Posts
  • #27261

    rodeoclown
    Member

    A friend of mine has a password protected blog that I don’t have the password too. She turned on the password after I’d subscribed via RSS.

    I recently updated my RSS feed for her blog, and all her posts were visible to me.

    This is a serious privacy hole – can you fix it please?

    #27421

    podz
    Member

    If she added the password after you had subscribed then some of her posts may well have been in the feed as you got it.
    I will get this looked at but it is almost definitely not any sort of hole.

    #27422

    rodeoclown
    Member

    No, these were definitely new posts that weren’t already in the feed.
    I removed the feed and re-added it, and also tried opening the URL in Firefox directly. I got the full content both times.

    #27423

    podz
    Member

    Please send me the blog address – support@wordpress.com

    #27989

    compartments
    Member

    This happened to me too! I think some feeds picked up a password protected post I wrote a couple months ago because I saw one of them cached on Google for Christ’s sake! When you click on my page it shows only “need password,” but key information of the post was totally visible in Google’s summary box. I went through a hassle to get Google to remove it from their cache. I would not use WordPress.com pass protect feature again. IT IS NOT SECURE.

    #27990

    podz
    Member

    Feeds ARE still protected.

    I just made a protected post. What is the word in it that I have asked you to say?
    http://podz.wordpress.com/feed/

    #27991

    setec
    Member

    Well, I can’t see your post if I go to the site direct:
    http://podz.wordpress.com/

    But if I put your feed in Google RSS, it shows me this much of the post:

    Oct 26, 2006 (4 days ago)
    Protected: Feed Protected
    from Thoughts on Support by podz

    This post is password protected. To view it please enter your password below:

    Password:

    So, I guess I can’t see the post, only the prompt for the password.

The topic ‘Security Problem – Password protected blogs show up in RSS’ is closed to new replies.