tags:

views:

53

answers:

2
Q: 

how to allow RSS aggregators to use feeds available only for logged-in users?

I want to have RSS feeds in my Django application, which should be viewable only by a logged-in user. I want to allow users to add these RSS feeds to all aggregators, so I would need something which would work like this: supply the feed URL with a token, for example: http://example.com/feed/rss&token=AeYQtFjQfjU5m so that token will cause the feed to be seen as if the user would be logged in.

Is there some library in Django which would provide such a functionality?

+2  A: 

You could generate the token when creating a user for the first time. This way you can add the token to the feed when a user is logged in. Later when a RSS feed reader comes by your site for the user, you just load the user information for the user with that token.

Peter Stuifzand  2009-12-07 19:44:17
that is basically security by obscurity, but at the same time it's the best possible solution, since RSS aggregators tend to have zero support for authentication
Jiaaro  2009-12-07 20:40:32
I didn't describe the way that you could generate the token. I would use some kind of randomly generated token, because it's easier to regenerate if it's compromised. Your solution would work to.
Peter Stuifzand  2009-12-21 14:38:54
+1  A: 

Try making a hash of some unique property of the user... something like

md5("%s!%s" % (SECRET_KEY, user.username)).hexdigest()

PS - I didn't test this code but you get the idea

Jiaaro  2009-12-07 20:42:09
OK, thanks. Just two notes: if I "import md5" it results in TypeError: 'module' object is not callableTook me a while to find out I need md5.md5("%s!%s" % (SECRET_KEY, user.username)).hexdigest()But then found out that this is depreceated, and since Python 2.5 one should use: hashlib.md5("%s!%s" % (SECRET_KEY, user.username)).hexdigest()or even: hashlib.sha512("%s!%s" % (SECRET_KEY, user.username)).hexdigest()
miernik  2009-12-07 22:05:19
yeah that should start with `from hashlib import md5` =D
Jiaaro  2009-12-08 14:27:14

related questions

How do I write Firefox add-on that automatically enters proxy passwords?
Login Integration in PHP
Strange Rails Authentication Issue
Concurrent logins in a web farm
Is there a browser equivalent to IE's ClearAuthenticationCache?
How can I authenticate using client credentials in WCF just once?
Why can't I connect to my CAS server with Perl's AuthCAS?
Best Solution For Authentication in Ruby on Rails
Authenticate on an ASP.Net Forms Authorization website from a console app
How do I use NTLM authentication with Active Directory
What have you used Windows CardSpace for, if anything
Forms Authentication across Applications
Retreiving the PC Name of a Client? (Windows Auth)
How would you implement FORM based authentication without a backing database?
What's the best way to authenticate over WCF?
Only accepting certain ajax requests from authenticated users
OpenID authentication in Ruby on Rails
OpenID Attribute Exchange - should I use it?
OpenID: which provider should I recommend to my users?
What to use for login ID?
ASP.NET authentication: user name Vs User ID
How do I add SSL to a .net application that uses httplistener - it will *not* be running on IIS
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Checklist for IIS 6/ASP.NET Windows Authentication?
The Definitive Guide To Website Authentication