The online community for software testing & quality assurance professionals
 
 
NaturalBornTester
Newbie


Reged: 02/20/08
Posts: 15
Are RSS Feeds safe?
      #699491 - 02/24/12 10:01 AM

Hi all.

I don't know a lot about RSS Feeds but I was asking myself, are they safe?

Assume you have a website which contains sensitive data and in this system the user is allowed, after login, to subscribe to any RSS feed available on the web and have it displayed on the home page of this website. The website is only accessible by the user via the intranet of the company.

Is there any risk involved in this solution? Is it possible to hack a system via an RSS feed?

My natural answer is no. But still I think that a feed (like a news item) can contain links that can be launched by the user within the website. Can this feature be used in a malicious way?

Can anyone tell me something more about this subject? Or just tell me I am thinking wrong.

Thanks for helping me out!


dlai
Junior Member


Reged: 05/02/06
Posts: 1041
Loc: CA, USA
Re: Are RSS Feeds safe? [Re: NaturalBornTester]
      #699515 - 02/24/12 04:59 PM

RSS itself is inherently safe. It's basically just an HTTP request which returns an XML document with links to other content. So if you were to just telnet or curl, it won't harm you.

So any vulnerabilities will depend on the application that's rendering the RSS stream. A simple reader might not have to worry as much because it's just displaying a view of the RSS content without having to fetch external content until the user follows the link. Say something like iTunes may be following the links, downloading the album covers behind the scenes, and playing the music files linked by the RSS feed, then you worry about the content linked to by the RSS feed.

--------------------
David Lai
Sr. QA / Test Lead
LinkedIn profile
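
An added example, not part of either post in this thread: one way the intranet site's rendering step could treat feed content as untrusted, escaping every field as text and keeping only absolute http(s) links. The names `render_items`, `safe_link` and `SAMPLE_FEED` are hypothetical, and the sample feed is constructed for illustration.

```python
import html
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}

# Constructed sample feed: one ordinary item, and one item whose title carries
# markup and whose link is not a web URL.
SAMPLE_FEED = """<?xml version="1.0"?>
<rss version="2.0"><channel><title>Example</title>
<item><title>Release notes</title><link>https://example.com/notes</link></item>
<item><title>&lt;img src=x onerror=alert(1)&gt;</title><link>javascript:alert(1)</link></item>
</channel></rss>"""


def safe_link(url):
    """Return the URL only if it is an absolute http(s) URL, else None."""
    url = (url or "").strip()
    parts = urlsplit(url)
    if parts.scheme.lower() in ALLOWED_SCHEMES and parts.netloc:
        return url
    return None


def render_items(feed_xml):
    """Turn feed items into HTML list entries, treating every field as text."""
    # Extra precaution (an assumption of this example): refuse feeds that
    # declare a DTD, so no entity definitions reach the XML parser.
    if "<!DOCTYPE" in feed_xml or "<!ENTITY" in feed_xml:
        raise ValueError("feeds with a DTD are rejected")
    root = ET.fromstring(feed_xml)
    out = []
    for item in root.iter("item"):
        # Escape after parsing, so markup inside a title is shown, not run.
        title = html.escape(item.findtext("title", default="(untitled)"))
        link = safe_link(item.findtext("link"))
        if link is None:
            out.append(f"<li>{title}</li>")  # drop the link, keep the text
        else:
            href = html.escape(link, quote=True)
            out.append(
                f'<li><a href="{href}" rel="noopener noreferrer">{title}</a></li>'
            )
    return out


if __name__ == "__main__":
    print("\n".join(render_items(SAMPLE_FEED)))
```
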


SQAForums