What would be the best approach to generate a secure feed?
Would some sort of token (feed.example.com/user_private?user=1&token=XXXXXXXXXXX) be allright or are any other more appropriate solutions?
+1
A:
Use basic authentication.
http://username:[email protected]/user_private
(Not all feed readers support this.)
Jeremy Stein
2009-09-24 18:12:43
Wouldn't using the user's password be quite insecure? Someone getting the their hands on it would then be able to simply log in as the user, not only see the contents of the feed.
Miroslav Solanka
2009-09-24 19:37:38
Reading Adam's link above, this could actually be the way to go but with https://
Miroslav Solanka
2009-09-24 19:40:21
Yes, it is troubling that the password is revealed to anyone who can see the URL.
Jeremy Stein
2009-09-24 20:02:21
+3
A:
Although I have little to offer on the subject, perhaps you will find the following article useful:
Private RSS Feeds: Support for security in aggregators
He offers summaries of various RSS feed clients (they may be a bit dated by now). The comments may also prove useful.
Adam Paynter
2009-09-24 18:13:08