Are there any security implications when embedding a username/password in an RSS feed URL?
Question
I noticed that when I added the FogBugz RSS Feed to my iGoogle page I had to embed my username and password in the feed URL. So are there any security risks associated with doing this?
EDIT: Yes, my question should have specifically stated HTTPS and whether or not the query string portion of the URL is encrypted.
Solution
If it's not an HTTPS URL then yes.
If not, it doesn't mean your account has been compromised yet, but you're sending authentication information over an unencrypted channel... you're asking for it.
If it is HTTPS you're fine. HTTPS URLs are encrypted.
OTHER TIPS
Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing session tokens into the URL increases the risk that they will be captured by an attacker.
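
The log and Referer exposure described above can be checked for on the server side. The following is an added example, not part of the original answers: it scans access-log lines in Combined Log Format for credentials in the request URL or the Referer and redacts them. The parameter names, host name and log lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Assumed parameter names; adjust to the application being audited.
SENSITIVE = {"username", "password", "passwd", "token", "sessionid"}
# Combined Log Format: the request line, then status, size and the quoted Referer.
LOG_RE = re.compile(
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]+" \d{3} \S+ "(?P<referer>[^"]*)"')

def redact_url(url):
    """Return (redacted_url, names of the credential-bearing parts found)."""
    parts = urlsplit(url)
    leaked, netloc = [], parts.netloc
    if "@" in netloc:  # scheme://user:pass@host form
        leaked.append("userinfo")
        netloc = "REDACTED@" + netloc.rsplit("@", 1)[1]
    query = []
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key.lower() in SENSITIVE:
            leaked.append(key)
            value = "REDACTED"
        query.append((key, value))
    clean = urlunsplit((parts.scheme, netloc, parts.path,
                        urlencode(query), parts.fragment))
    return clean, leaked

def scan_line(line):
    """Return (redacted_line, [(log_field, leaked_name), ...]) for one log line."""
    match = LOG_RE.search(line)
    if not match:
        return line, []
    out, findings = line, []
    for field in ("target", "referer"):
        original = match.group(field)
        clean, leaked = redact_url(original)
        if leaked:
            findings += [(field, name) for name in leaked]
            out = out.replace(original, clean)
    return out, findings

# Constructed sample log lines (documentation IP ranges, made-up host and values).
SAMPLE = [
    '203.0.113.7 - - [10/Oct/2024:13:55:36 +0000] "GET /feed.rss?username=alice&password=s3cret&view=open HTTP/1.1" 200 512 "-" "FeedFetcher"',
    '198.51.100.9 - - [10/Oct/2024:13:56:01 +0000] "GET /about HTTP/1.1" 200 1024 "https://tracker.example/feed.rss?token=abc123" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Oct/2024:13:57:00 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(scan_line(entry))
```

The same findings appear whether the request arrived over HTTP or HTTPS, because the server and any TLS-terminating proxy log the URL after decryption.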