0

I have a few RSS feeds that I subscribed to. My problem is that my feed reader does not prompt for user name or password, so in order to get my feed data I have to use https://{username}:{password}@domain.com/rss/feed rather than just https://domain.com/rss/feed.

Is my username and password safe?

karel
  • 4,637
  • 41
  • 42
  • 47
TylersSN
  • 1,510
  • 4
  • 22
  • 41
  • When you type an address like `https://{username}:{password}@domain.com/rss/feed`, the username and passwords are passed via HTTP authentication headers, which are protected by HTTPS like any other HTTP header (provided the usual verifications are made properly). – Bruno Oct 28 '14 at 13:14

1 Answers1

0

Does your RSS feed client verify the server certificate? If the client verifies the particular certificate, then you are safe. If the client just verifies that the certificate has a legitimate signing chain, then you are sort of safe. If the answer is no, then you are not safe.

mattm
  • 5,655
  • 10
  • 44
  • 75