I'd like to use RSS for a service that we provide, but I'll need to
implement an authentication scheme so that I can put sensitive/personal
data in the RSS feeds.
How could I do that? I think HTTP authentication for RSS only works in
Opera.
Any idea?
--
Thanks,
Justin.
http://www.opera.com/mail/
Full Version: How to authenticate RSS?
Justin Sane wrote:
| QUOTE |
| I'd like to use RSS for a service that we provide, but I'll need to implement an authentication scheme so that I can put sensitive/personal data in the RSS feeds. How could I do that? I think HTTP authentication for RSS only works in Opera. Any idea? |
Don't. RSS is not a secure protocol.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
[Email Removed]
==================
Justin Sane wrote:
| QUOTE |
| I'd like to use RSS for a service that we provide, but I'll need to implement an authentication scheme so that I can put sensitive/personal data in the RSS feeds. How could I do that? I think HTTP authentication for RSS only works in Opera. |
It works in Rawdog too, and Sage (so that's all three clients that people
subscribing to an SSL + Basic Authentication have so much as tried).
If you want to avoid HTTP authentication, then you are most likely looking
at putting the credentials in the query string, and having your
authentication handler look at that.
--
David Dorward <http://blog.dorward.me.uk/> <http://dorward.me.uk/>
Home is where the ~/.bashrc is
Jerry Stuckle wrote:
| QUOTE |
| Justin Sane wrote: I'd like to use RSS for a service that we provide, but I'll need to implement an authentication scheme Don't. RSS is not a secure protocol. |
RSS is not a protocol. Its a data format. Security is provided by the
transport protocol though, and there is nothing wrong with organsing that
data using RSS.
--
David Dorward <http://blog.dorward.me.uk/> <http://dorward.me.uk/>
Home is where the ~/.bashrc is
On Sun, 10 Jul 2005 06:01:41 -0300, David Dorward <[Email Removed]>
wrote:
wrote:
| QUOTE |
| If you want to avoid HTTP authentication, then you are most likely looking at putting the credentials in the query string, and having your authentication handler look at that. |
You mean something like this:
http://domain.com/suggestions.php?customer...&passwd=M8dEbP7
This wouldn't be secure :(
--
Thanks,
Justin.
http://www.opera.com/mail/
Justin Sane wrote:
| QUOTE |
| You mean something like this: http://domain.com/suggestions.php?customer...&passwd=M8dEbP7 This wouldn't be secure :( |
No it wouldn't, but neither would basic authentication.
https://example.com/suggestions.php?custome...&passwd=M8dEbP7
.... on the other hand would be secure ... at least as far as transport is
concerned. Once it gets to the end user's system, its open season - but
that's true of anything.
(And please use example.com for examples (as per RFC 2606), that's what it
is there for. Someone has actually registered domain.com).
--
David Dorward <http://blog.dorward.me.uk/> <http://dorward.me.uk/>
Home is where the ~/.bashrc is
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.