Patrice Neff wrote:
Timwi timwi@gmx.net writes:
It is not possible in general to authenticate an RSS feed. Of course Wikipedia could require a cookie or a HTTP Auth before it will show you the RSS feed, but that makes it pretty much useless because most RSS readers don't support this. In particular, a lot of RSS readers -- such as LiveJournal -- handle RSS feeds as a fundamentally public resource and cannot allow any authentication to be sent with it.
I'm currently thinking about the same problem for a personal Web site. The approach I'll probably choose is some hash in the URL. For example a hash of the User name and the Password hash. The "XML" or "Syndicate" or whatever-button will then link to the rss.php?user=user&id=HASH page. There I can easily check if the HASH is correct for the specified user.
That seems quite clever - if a user want their feed to be public, they can just give out the URL, and if they want it private again, they just change their password.
However, I can see two problems with it. Firstly, if the hash is known, then the password might not be too difficult to crack anymore (because you can just do it locally). Seconlyd, users are probably generally too stupid to handle it correctly. Some people will put such a hashed URL into a public RSS reader (e.g. LiveJournal) and then complain that other people can reed their feed.
Admittedly, the latter problem is probably not quite as bad on Wikipedia.