Forums / Developer / RSS export, which requires some authentication?
Marco Zinn
Monday 06 February 2006 10:31:30 am
Hi, suppose we want to create an RSS export of "today new very secret articles". Those articles require a login and some specific role to be read.Now, when we create an RSS feed, any person who knows the feed's adress will be able to read the titles and intro's of those very very secret articles.
Is it possible -by means of RSS and HTTP standards- to have ez create an RSS feed, which requires some kind of authentification (login)? This would -in the best case- the "normal website login" of the user. Of course, this implies some new requirements to caching an RSS feed (exactly as for content caching).
Just a thought: Is it possible to create an RSS feed of some folder's articles using a view mode for that folder? Doing so, the user will be shown a login screen... but unfortunatly, the RSS feed reader will not "understand" the login form anyway :(
So: How to do "secret" rss feeds?
Marco http://www.hyperroad-design.com
kracker
Monday 06 February 2006 5:03:31 pm
This is very possible to do. I think you might want to have two extensions to provide this. The first extension to provide http authentication (under ssl) to Exponential, the second extension to use the first extension to provide rss feeds after successful http authentication.
I guess you could do all of this in one extension but these two extensions would be very useful to the community as a whole.
//kracker
<b>References:</b> <i>http://us2.php.net/features.http-authhttp://www.sitepoint.com/article/http-authentication-php/2</i>
Member since: 2001.07.13 || http://ezpedia.se7enx.com/
Gabriel Ambuehl
Monday 06 February 2006 11:40:49 pm
Maybe it would work to use the HTTP auth provided by the webserver?. That way, most clients can use it easily access it using https://user:password@url/
Thinking of it, I have that somewhere. But the whole site is HTTP Auth protected. Your job is now to limit .htaccess to the feed URL I guess ;)
Visit http://triligon.org
Tuesday 07 February 2006 7:46:21 am
You can do it either way ...
tho, I would <b>never</b> want to embed any private key (password) in a url .... that's just ugly without reason.
//krackerOPM - Menace To Sobriety - El Capitan
Tuesday 07 February 2006 10:16:02 am
Then how does the RSS reader know the password/url? Most of them don't even know of the concept but the underlaying HTTP lib hopefully does
Tuesday 07 February 2006 12:29:05 pm
Ahh but many do :)
I know for a fact that mozilla's thunderbird client supports http authentication (Since, 1.0 RC1)
In fact I really think http authentication a feature (and sign) of a serious rss client / reader.
I'm not going list them here but just a little searching for "rss client http authentication" will show you a number of them.
The one that does not support http authentication that still bothers me is Google's Reader, though I'm sure that it is only a matter of time before it is supported.
//krackerSage Francis - Personal Journals - Climb Trees
Saturday 11 February 2006 1:37:31 am
Thanks for your posts. In my case, the Client would be Exponential ;) while the server would be Lotus Notes Domino. The Server definitly can "protect" the RSS feed (which will be defined as a "view") with user/pw. Usually, it will produce a web login form, but i hope, it will accept basic http authentication, too.Does the Exponential RSS Client support authentication? (Currently, i have an old 3.4 version, which does not, afaik).