I have a question: how to do RSS security? e.g., considering a private forum which can only be accessed by one very specific group, how to handle RSS for that forum? rss readers (be it a desktop program or a web based application like Bloglines or Google Reader) won't authenticate in the forum to parse the feed.
So, while you as an authorized user can see the feed, external tools don't.
What's the best / correct approach to such situation?
Rafael [originally posted on jforum.net by Rafael Steil]
And obviously with HTTPS support since those id's and passwords are sent in the clear. It would be nice to have an option to restrict secured RSS requests to just HTTPS ports.
I suppose that having support for some sort of URL with an AUTH ticket would be nice for people who don't really care about security. This would allow for a semi-secure (anyone getting the URL can get the info) method that any aggregator would support.
Probably time to think about an SSO process for RSS requests too. [originally posted on jforum.net by monroe]
Maybe... the Forum and Topic RSS feeds in private forums will check to see if the current user is authenticated. If you are using a browser that has the SSO cookie or is currently authenticated with jForum (via the web pages), it will work.
If you don't have this, it will request HTTP basic authentication. This is supported by a few RSS Readers.
The thing I'm not sure about is if the code to take the HTTP basic auth reply has been implemented or not.
Try it and see. [originally posted on jforum.net by monroe]
Your buns are mine! But you can have this tiny ad: