Forums / Developer / RSS export, which requires some authentication?

RSS export, which requires some authentication?

Author Message

Marco Zinn

Monday 06 February 2006 10:31:30 am

Hi,
suppose we want to create an RSS export of "today new very secret articles". Those articles require a login and some specific role to be read.
Now, when we create an RSS feed, any person who knows the feed's adress will be able to read the titles and intro's of those very very secret articles.

Is it possible -by means of RSS and HTTP standards- to have ez create an RSS feed, which requires some kind of authentification (login)? This would -in the best case- the "normal website login" of the user. Of course, this implies some new requirements to caching an RSS feed (exactly as for content caching).

Just a thought: Is it possible to create an RSS feed of some folder's articles using a view mode for that folder? Doing so, the user will be shown a login screen... but unfortunatly, the RSS feed reader will not "understand" the login form anyway :(

So: How to do "secret" rss feeds?

Marco
http://www.hyperroad-design.com

kracker (the)

Monday 06 February 2006 5:03:31 pm

This is very possible to do. I think you might want to have two extensions to provide this. The first extension to provide http authentication (under ssl) to eZ publish, the second extension to use the first extension to provide rss feeds after successful http authentication.

I guess you could do all of this in one extension but these two extensions would be very useful to the community as a whole.

//kracker

<b>References:</b>
<i>http://us2.php.net/features.http-auth
http://www.sitepoint.com/article/http-authentication-php/2</i>

Member since: 2001.07.13 || http://ezpedia.se7enx.com/

Gabriel Ambuehl

Monday 06 February 2006 11:40:49 pm

Maybe it would work to use the HTTP auth provided by the webserver?. That way, most clients can use it easily access it using https://user:password@url/

Thinking of it, I have that somewhere. But the whole site is HTTP Auth protected. Your job is now to limit .htaccess to the feed URL I guess ;)

Visit http://triligon.org

kracker (the)

Tuesday 07 February 2006 7:46:21 am

You can do it either way ...

tho, I would <b>never</b> want to embed any private key (password) in a url .... that's just ugly without reason.

//kracker
OPM - Menace To Sobriety - El Capitan

Member since: 2001.07.13 || http://ezpedia.se7enx.com/

Gabriel Ambuehl

Tuesday 07 February 2006 10:16:02 am

Then how does the RSS reader know the password/url? Most of them don't even know of the concept but the underlaying HTTP lib hopefully does

Visit http://triligon.org

kracker (the)

Tuesday 07 February 2006 12:29:05 pm

Ahh but many do :)

I know for a fact that mozilla's thunderbird client supports http authentication (Since, 1.0 RC1)

In fact I really think http authentication a feature (and sign) of a serious rss client / reader.

I'm not going list them here but just a little searching for "rss client http authentication" will show you a number of them.

The one that does not support http authentication that still bothers me is Google's Reader, though I'm sure that it is only a matter of time before it is supported.

//kracker
Sage Francis - Personal Journals - Climb Trees

Member since: 2001.07.13 || http://ezpedia.se7enx.com/

Marco Zinn

Saturday 11 February 2006 1:37:31 am

Thanks for your posts.
In my case, the Client would be ezPublish ;) while the server would be Lotus Notes Domino. The Server definitly can "protect" the RSS feed (which will be defined as a "view") with user/pw. Usually, it will produce a web login form, but i hope, it will accept basic http authentication, too.
Does the ezPublish RSS Client support authentication? (Currently, i have an old 3.4 version, which does not, afaik).

Marco
http://www.hyperroad-design.com