Win a copy of Design for the Mind this week in the Design forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

RSS security - how?

 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hey guys,

I have a question: how to do RSS security? e.g., considering a private forum which can only be accessed by one very specific group, how to handle RSS for that forum? rss readers (be it a desktop program or a web based application like Bloglines or Google Reader) won't authenticate in the forum to parse the feed.

So, while you as an authorized user can see the feed, external tools don't.

What's the best / correct approach to such situation?

Rafael
[originally posted on jforum.net by Rafael Steil]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
For all I have seen, the only approach for this is to use HTTP Basic Authentication, and rely on agregators that support such functionality, but new ideas are welcome.

Rafael
[originally posted on jforum.net by Rafael Steil]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
HTTP Auth is the way to go I think.
[originally posted on jforum.net by ebourg]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
And obviously with HTTPS support since those id's and passwords are sent in the clear. It would be nice to have an option to restrict secured RSS requests to just HTTPS ports.

I suppose that having support for some sort of URL with an AUTH ticket would be nice for people who don't really care about security. This would allow for a semi-secure (anyone getting the URL can get the info) method that any aggregator would support.

Probably time to think about an SSO process for RSS requests too.
[originally posted on jforum.net by monroe]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Is any feed of private forum topics supported?
[originally posted on jforum.net by rhudson]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Maybe... the Forum and Topic RSS feeds in private forums will check to see if the current user is authenticated. If you are using a browser that has the SSO cookie or is currently authenticated with jForum (via the web pages), it will work.

If you don't have this, it will request HTTP basic authentication. This is supported by a few RSS Readers.

The thing I'm not sure about is if the code to take the HTTP basic auth reply has been implemented or not.

Try it and see.
[originally posted on jforum.net by monroe]
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic