views:

51

answers:

1

I'm working on a website that keeps track of upcoming homework assignments. I'd like to provide an RSS/Atom Feed that shows their upcoming assignments. However, I have no idea how I'm going to limit the items in the feed to their own, as not many feed readers support cookie-based sessions.

Basically, I need to access the request object inside the feed class and accept HTTP basic/digest auth. Is this even possible?

I'm using Django 1.1, Python 2.5.4, and mod_python 3.3.1

+2  A: 

The approach that's compatible with the widest range of feed readers is to encode the user ID (or user name) in the feed URL. That's "security by obscurity", which is way less than ideal, but for people using, say, Google Reader, it may be the best you can do.

Dave W. Smith
So you're saying that I should use something like `example.com/feeds/feedname/username/` ? Or do you think I should mangle the username with something such as base64, so it's not quite so obvious?
bluejeansummer
For each user, you could auto-generate a MD5 hash of their username and a secret salt. So the feed URL would be http://example.com/feeds/feedname/username/hash/ That way, you can look up the feed items by username, and authenticate against the md5 hash. That way no one can guess the URL to see another user's feed.
sixthgear
I suppose that will work, though it will make for long urls. Thank you!
bluejeansummer