Subscribe: Comments on: How to limit access to an RSS feed?
http://ask.metafilter.com/66151/How-to-limit-access-to-an-RSS-feed/rss
Added By: Feedage Forager Feedage Grade B rated
Language: English
Tags:
access feed  access  apache  feed  limit access  limit  make  password protecting  password  podcast  protect feed  protected site  secret 
Rate this Feed
Rate this feedRate this feedRate this feedRate this feedRate this feed
Rate this feed 1 starRate this feed 2 starRate this feed 3 starRate this feed 4 starRate this feed 5 star

Comments (0)

Feed Details and Statistics Feed Statistics
Preview: Comments on: How to limit access to an RSS feed?

Comments on: How to limit access to an RSS feed?



Comments on Ask MetaFilter post How to limit access to an RSS feed?



Published: Tue, 03 Jul 2007 07:53:26 -0800

Last Build Date: Tue, 03 Jul 2007 07:53:26 -0800

 



Question: How to limit access to an RSS feed?

Tue, 03 Jul 2007 07:48:34 -0800

I need to limit access to a podcast. The feed can either be on a public site or on an already password protected site requiring users to login. What's the best and/or easiest way to protect the feed?



By: braintoast

Tue, 03 Jul 2007 07:53:26 -0800

Here's a *really easy way to do this if you're serving your file(s) on an apache server.

Password Protecting a Podcast

The jist:
Basically, you put a .htaccess file into the directory that contains your podcast feed with content that looks like this:

AuthType Digest
AuthName "Potion Factory"
AuthDigestFile /usr/local/apache/conf/digest_passwd
Require valid-user


You also have to use the following shell command to make the digest_password file:

htdigest -c /usr/local/apache/conf/digest_passwd "Potion Factory" user1



By: cmiller

Tue, 03 Jul 2007 09:53:27 -0800

The problem with password protecting anything is that you're assuming the podcatching software is a full-fledged web client, when almost all of them are really simple barely-implement-HTTP apps.

Instead, my first suggestion is to make the URL a secret. Give out a different URL to every legitimate subscriber.

The authentication detail perhaps isn't important, and you may substitute anything for it:

http://example.com/cast/(username)/(md5(username+secret)).rss

So, make a handler at "cast" that looks at the rest of the URL. Take the username and append a secret and then get the MD5 of the whole thing, and if the rest of the URL matches what they asked for, then give out the results. If not, return a 404 status.



By: DJWeezy

Tue, 03 Jul 2007 10:32:30 -0800

if you use feedburner they have an option to password protect your feed, but unfortunatley it is one password for all users



By: jayden

Tue, 03 Jul 2007 12:14:57 -0800

You can't really protect your feed, unless you instruct all your users to use a particular feed reader. If any one of them use a public reader (such as Bloglines) it'll be possible for the whole world to read your feed.

The answers above will do the job (cmiller's idea is the best way to go), but don't expect a complete secure feed.



By: callmejay

Tue, 03 Jul 2007 13:20:02 -0800

Just in case you aren't aware of it, anybody who listens to your podcast can distribute it if they feel like it.



By: unsigned

Tue, 03 Jul 2007 14:19:21 -0800

Thanks all. This is pretty much what I had found through poking around. I'd rather not go the passworded podcast route, but that's not really my decision.

Does it make a difference if the feeds URL is located at a password protected site?



By: SlyBevel

Tue, 03 Jul 2007 20:51:50 -0800

Maybe not so helpful, but this is kind of exactly the opposite of what is implied and intended in the phrase "Really Simple Syndication."

Perhaps RSS isn't your ideal medium?