aspose file tools*
The moose likes JForum and the fly likes RSS security - how? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of JavaScript Promises Essentials this week in the JavaScript forum!
JavaRanch » Java Forums » Products » JForum
Bookmark "RSS security - how?" Watch "RSS security - how?" New topic
Author

RSS security - how?

Migrated From Jforum.net
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424
Hey guys,

I have a question: how to do RSS security? e.g., considering a private forum which can only be accessed by one very specific group, how to handle RSS for that forum? rss readers (be it a desktop program or a web based application like Bloglines or Google Reader) won't authenticate in the forum to parse the feed.

So, while you as an authorized user can see the feed, external tools don't.

What's the best / correct approach to such situation?

Rafael
[originally posted on jforum.net by Rafael Steil]
Migrated From Jforum.net
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424
For all I have seen, the only approach for this is to use HTTP Basic Authentication, and rely on agregators that support such functionality, but new ideas are welcome.

Rafael
[originally posted on jforum.net by Rafael Steil]
Migrated From Jforum.net
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424
HTTP Auth is the way to go I think.
[originally posted on jforum.net by ebourg]
Migrated From Jforum.net
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424
And obviously with HTTPS support since those id's and passwords are sent in the clear. It would be nice to have an option to restrict secured RSS requests to just HTTPS ports.

I suppose that having support for some sort of URL with an AUTH ticket would be nice for people who don't really care about security. This would allow for a semi-secure (anyone getting the URL can get the info) method that any aggregator would support.

Probably time to think about an SSO process for RSS requests too.
[originally posted on jforum.net by monroe]
Migrated From Jforum.net
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424
Is any feed of private forum topics supported?
[originally posted on jforum.net by rhudson]
Migrated From Jforum.net
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424
Maybe... the Forum and Topic RSS feeds in private forums will check to see if the current user is authenticated. If you are using a browser that has the SSO cookie or is currently authenticated with jForum (via the web pages), it will work.

If you don't have this, it will request HTTP basic authentication. This is supported by a few RSS Readers.

The thing I'm not sure about is if the code to take the HTTP basic auth reply has been implemented or not.

Try it and see.
[originally posted on jforum.net by monroe]
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: RSS security - how?