I would like to provide extended RSS content (extended with unmoderated comments, for example) to premium users (moderators).

Would it be possible to somehow authenticate readers of feeds other than attaching a personal token string to the RSS URL?

Granted, this way a curious person only needs to steal an RSS link like this (much like one could steal a session id), but a password could be acquired just as easily, right?

How could I make this a bit more secure especially against PEBKAC issues?

Would you consider this an idea worth pursuing or should I just discard it and find some alternative? Could you suggest such an alternative?

A: 

You can use HTTP authentication, like this Java example. It, and your URL idea, are in the open, so HTTPS is needed to prevent user/pass/session theft.

You would then also need user and session code, and password recovery code. You could try advertising before doing the work. Create a link, "Click here to pay X dollars for premium RSS", and see if anyone uses it. I think there was a Stack Overflow podcast that mentioned this, anyone remember which one?

Brian Maltzan
I don't get it. RSS needs to be readable by external services (i.e. Google Reader): if those services do not support *whatever* system you use, it just won't work.
Lo'oris
It's beneficial, but not necessarily a requirement for his feed to be readable by external services. His users could find and install a reader that supports his authentication, i.e. FeedDemon.
Brian Maltzan
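An added example, not part of the thread or of the Java code the answer links to: a server-side check for the HTTP Basic authentication approach discussed above, which refuses credentials sent over plain HTTP and compares salted password hashes in constant time. The user store, the `premium` flag, the realm name and the function names are constructed assumptions.

```python
import base64
import hashlib
import hmac
import os

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample store: one moderator, password kept only as a salted hash.
SALT = os.urandom(16)
USERS = {"alice": {"salt": SALT, "hash": hash_password("correct horse", SALT),
                   "premium": True}}
CHALLENGE = {"WWW-Authenticate": 'Basic realm="premium feed"'}

def parse_basic(header):
    """Return (user, password) from an Authorization header, or None."""
    if not header or not header.lower().startswith("basic "):
        return None
    try:
        decoded = base64.b64decode(header[6:].strip(), validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None  # malformed base64 or not UTF-8
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None

def authorize_premium_feed(scheme, headers):
    """Return (status, response_headers) for a request to the extended feed."""
    if scheme != "https":
        # Basic credentials are only base64-encoded, so reject clear-text use.
        return 403, {}
    creds = parse_basic(headers.get("Authorization"))
    if creds is None:
        return 401, CHALLENGE  # prompts the feed reader to send credentials
    user, password = creds
    record = USERS.get(user)
    # Hash even for unknown users so timing does not reveal valid names.
    salt = record["salt"] if record else b"\0" * 16
    candidate = hash_password(password, salt)
    if record is None or not hmac.compare_digest(candidate, record["hash"]):
        return 401, CHALLENGE
    if not record["premium"]:
        return 403, {}
    # Keep shared caches from storing the moderator-only feed.
    return 200, {"Cache-Control": "private, no-store"}
```
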