• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Ron McLeod
  • Paul Clapham
  • Tim Cooke
  • Devaka Cooray
Sheriffs:
  • Liutauras Vilda
  • paul wheaton
  • Rob Spoor
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • Piet Souris
  • Mikalai Zaikin
Bartenders:
  • Carey Brown
  • Roland Mueller

RSS security - how?

 
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hey guys,

I have a question: how to do RSS security? e.g., considering a private forum which can only be accessed by one very specific group, how to handle RSS for that forum? rss readers (be it a desktop program or a web based application like Bloglines or Google Reader) won't authenticate in the forum to parse the feed.

So, while you as an authorized user can see the feed, external tools don't.

What's the best / correct approach to such situation?

Rafael
[originally posted on jforum.net by Rafael Steil]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
For all I have seen, the only approach for this is to use HTTP Basic Authentication, and rely on agregators that support such functionality, but new ideas are welcome.

Rafael
[originally posted on jforum.net by Rafael Steil]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
HTTP Auth is the way to go I think.
[originally posted on jforum.net by ebourg]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
And obviously with HTTPS support since those id's and passwords are sent in the clear. It would be nice to have an option to restrict secured RSS requests to just HTTPS ports.

I suppose that having support for some sort of URL with an AUTH ticket would be nice for people who don't really care about security. This would allow for a semi-secure (anyone getting the URL can get the info) method that any aggregator would support.

Probably time to think about an SSO process for RSS requests too.
[originally posted on jforum.net by monroe]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Is any feed of private forum topics supported?
[originally posted on jforum.net by rhudson]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Maybe... the Forum and Topic RSS feeds in private forums will check to see if the current user is authenticated. If you are using a browser that has the SSO cookie or is currently authenticated with jForum (via the web pages), it will work.

If you don't have this, it will request HTTP basic authentication. This is supported by a few RSS Readers.

The thing I'm not sure about is if the code to take the HTTP basic auth reply has been implemented or not.

Try it and see.
[originally posted on jforum.net by monroe]
 
Heroic work plunger man. Please allow me to introduce you to this tiny ad:
We need your help - Coderanch server fundraiser
https://coderanch.com/wiki/782867/Coderanch-server-fundraiser
reply
    Bookmark Topic Watch Topic
  • New Topic