Are RSS Feeds safe?
I don't know a lot about RSS Feeds but I was asking myself, are they safe?
Assume you have a website which contains sensitive data and in this system the user is allowed, after login, to subscribe to any RSS feed available on the web and have it displayed on the home page of this website. The website is only accessible by the user via the intranet of the company.
Is there any risk involved in this solution? Is it possible to hack a system via an RSS feed?
My natural answer is no. But still I think that a feed (like a news) can contain links that can be launched by the user within the website. Can this feature be used in a malicious way?
Can anyone tell me something more about this subject? Or just tell me I am thinking wrong.
Thanks for helping me out!
Re: Are RSS Feeds safe?
RSS itself is inherently safe. It's basically just an HTTP request which returns an XML document with links to other content. So if you were to just telnet or curl, it won't harm you.
So any vulnerabilities will depend on the application that's rendering the RSS stream. A simple reader might not have to worry as much because it's just displaying a view of the RSS content without having to fetch external content until the user follows the link. Say something like iTunes may be following the links, downloading the album covers behind the scenes, and playing the music files linked by the RSS feed; then you worry about the content linked to by the RSS feed.
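
As an added illustration (not code from either poster), here is one way the intranet page from the question could render a subscribed feed so that feed text is shown as plain text and only absolute http(s) links become clickable. The names `safe_link`, `render_feed`, `ALLOWED_SCHEMES` and the sample feed are assumptions made up for this example.

```python
import html
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Assumption: the portal should only ever emit ordinary web links.
ALLOWED_SCHEMES = {"http", "https"}

def safe_link(url):
    """Return url if it is an absolute http(s) link, otherwise None."""
    url = (url or "").strip()
    parts = urlsplit(url)
    if parts.scheme.lower() in ALLOWED_SCHEMES and parts.netloc:
        return url
    return None

def render_feed(xml_bytes, max_items=20):
    """Turn untrusted RSS 2.0 bytes into an HTML list of plain-text items."""
    # Coarse pre-check: refuse feeds that declare a DTD (where custom entities live).
    if b"<!DOCTYPE" in xml_bytes.upper():
        raise ValueError("feed declares a DTD; refusing to parse")
    root = ET.fromstring(xml_bytes)
    rows = []
    for item in root.iter("item"):
        if len(rows) >= max_items:
            break
        # Escape everything taken from the feed before it reaches the page.
        title = html.escape(item.findtext("title") or "(untitled)", quote=True)
        link = safe_link(item.findtext("link"))
        if link is None:
            rows.append(f"<li>{title}</li>")  # show the headline, drop the link
        else:
            href = html.escape(link, quote=True)
            rows.append(f'<li><a href="{href}" rel="noopener noreferrer">{title}</a></li>')
    return "<ul>\n" + "\n".join(rows) + "\n</ul>"

# Constructed sample feed: one ordinary item, one with markup and a non-web link.
SAMPLE_FEED = b"""<?xml version="1.0"?>
<rss version="2.0"><channel><title>Constructed sample</title>
<item><title>Normal story</title><link>https://news.example/story?id=1&amp;x=2</link></item>
<item><title>&lt;b&gt;markup&lt;/b&gt;</title><link>javascript:void(0)</link></item>
</channel></rss>"""

if __name__ == "__main__":
    print(render_feed(SAMPLE_FEED))
```

The second item is rendered as escaped text with no anchor, so whatever a feed publisher puts in a title or link cannot become markup or script on the intranet page.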