0

I have a few RSS feeds that I subscribed to. My problem is that my feed reader does not prompt for user name or password, so in order to get my feed data I have to use https://{username}:{password}@domain.com/rss/feed rather than just https://domain.com/rss/feed.

Is my username and password safe?

karel
  • 5,489
  • 46
  • 45
  • 50
tylersDisplayName
  • 1,603
  • 4
  • 24
  • 42
  • When you type an address like `https://{username}:{password}@domain.com/rss/feed`, the username and passwords are passed via HTTP authentication headers, which are protected by HTTPS like any other HTTP header (provided the usual verifications are made properly). – Bruno Oct 28 '14 at 13:14

1 Answers1

0

Does your RSS feed client verify the server certificate? If the client verifies the particular certificate, then you are safe. If the client just verifies that the certificate has a legitimate signing chain, then you are sort of safe. If the answer is no, then you are not safe.

mattm
  • 5,851
  • 11
  • 47
  • 77