Habralent by rss vs. change Password

    Being a famous paranoid, periodically whenever possible, I change my passwords. Recently, just in case, I changed the password on the hub - as they say, to avoid.

    The fun began after. I generally read my haralent through rss. And only by the end of the second day I suspected something was amiss. The RSS reader stopped receiving new feeds from the usually very active hub in this regard. Starting to deal with this issue, I came across a rather interesting thing.
    So, let's look at the rss link of the habrent. It is formed as follows:
    habrahabr.ru/rss/lenta/username/32_hex_symbol/
    Everything is more or less logical. Taking into account the fact that closed topics of friends get into the habrant, it’s not worthwhile to especially burn the address of your feed, so the last part of the URL for each user will be specific and difficult to guess. Obviously, this is md5 from some combination of the name, password, and possibly something else (for example, the registration date).
    Everything would be fine, but apparently, instead of calculating this hash once and entering it into the corresponding table, it is calculated dynamically. In accordance with this, immediately after changing the password, the rss-url of my habrenta also changes. Thus, without any additional warnings, I was automatically unsubscribed from my own tape. Agree not the most obvious result. Habradevelopers, did you think so ?!

    Also popular now: