Project

General

Profile

Feature #509

Home: feeder

Added by Anonymous about 10 years ago. Updated almost 9 years ago.

Status:
Rejected - Abandoned
Priority:
Normal
Target version:
Start date:
14/01/2010
Due date:
% Done:

0%

Estimated time:
Complexity:
Normal

Description

Security settings have disabled the possibility to show RSS-feeds on the home-page (error: cannot connect to feed).
The feeder function needs to be changed in order to show the feeds in a secure way.

History

#1

Updated by Sven Vanpoucke about 10 years ago

  • Status changed from New to Rejected - Abandoned
  • Assignee set to Sven Vanpoucke

I'm afraid this is not possible. A feed is a connection to an external website. When you disable connections to external websites for security reasons you can't use the feeder anymore. No matter what feeder function / plugin you use, everything uses the same basic principle => a connection to an external website.

#2

Updated by Anonymous about 10 years ago

As you know it has to do with php settings, not with the fact that it concerns external websites. If this were the security issue, no other environment would implement it and they do.

#3

Updated by Hans De Bisschop about 10 years ago

Jean-Marie Maes wrote:

As you know it has to do with php settings, not with the fact that it concerns external websites.

So it actually does. Your server is probably configured in such a way that PHP is not allowed to open external URLs. So if they weren't external feeds, there'd be no problem ... now there is.

The fact that it does work on most sites is more then likely because they do allow connections to external websites / URLs.

#4

Updated by Hans De Bisschop about 10 years ago

For more information on this subject, check http://be2.php.net/manual/en/features.remote-files.php

#5

Updated by Anonymous about 10 years ago

Basically I would like to know if this really poses 'insurmountable' security problems.
This is far from an essential feature, but it is a feature most portals have.
At the very least it should be possible to show an RSS-feed of your own Chamilo-platform (not an external website anyhow).

#6

Updated by Hans De Bisschop about 10 years ago

It's not really a matter of security, rather then just enabling the setting on your own server. Allowing your server to directly use external files is always potentially a security threat, but it's a basic functionality of PHP (if enabled). It's up to each and every developer to make sure such external resources are handled properly.

RSS-feeds are enabled on the Erasmus 2.0-portal and work just fine ...

At any rate I'll add a check to the code that tries to display the feed in case the setting in question is disabled.

#7

Updated by Stefaan Vanbillemont almost 9 years ago

  • Project changed from Chamilo LCMS Connect to Home
  • Category deleted (17)
#8

Updated by Stefaan Vanbillemont almost 9 years ago

  • Target version changed from 2 to 1.0.0

Also available in: Atom PDF