views:

8

answers:

1

Hey all

We are thinking of implementing RSS feeds at the company I work with as a form of banking/transaction alerts to users.

Does anyone know if this has been done in e-banking apps? Does anyone know of any possible security threats? Any articles? I haven't found that much on the net.

+1  A: 

Possible threat: How do you control access to the feeds? Usual RSS feeds are unprotected; you could have an RSS feed over HTTPS + Basic auth, but is it sufficient for your security guidelines (since it's a bank, I doubt it)? Even if it passed muster, are you sure you want to have two different access paths into the system? More specific ways of authorization will break most RSS readers (as they don't have significant support for more complex authorization schemes).

Also, some people use web-based readers (Google Reader); how do they authorize? Once you allow a web-based RSS reader to spider your RSS feeds, how do you prevent it from sharing this content with other users?

Piskvor
My opinion: RSS feeds+sensitive data=a data leak on the scale of Deepwater Horizon waiting to happen.
Piskvor