AFAIK, Secure RSS has not been standardized or is not well supported. Some RSS Readers support HTTP Basic Authentication for this, but not many.
That said, the current jForum code seems to do a security check and issue a "Authentication Required" 401 error back to the browser if a private forums RSS url is called and a current "autologin" cookie set (e.g. Remember me stuff) is not found.
However, I'm not sure if the code currently handles the response with the Authentication HTTP tag. E.g., using this to log the person in.
So, out of the box, if you log into jForum from a browser that has cookies enabled and has logged into jForum, the Browser can probably access the private forum's RSS feed (until the cookie times out). However, third party/no browser software probably can't.
A possible custom solution to this would be to create an SSO implementation that can use HTTP Basic Authentication tags to log existing users in if valid user/password info was found.
This would let URLs like
http://user:[email protected]/forums/rss... work and probably let most RSS readers access private forums.
[originally posted on jforum.net by monroe]