How to limit access to an RSS feed?
July 3, 2007 7:48 AM Subscribe
I need to limit access to a podcast. The feed can either be on a public site or on an already password protected site requiring users to login. What's the best and/or easiest way to protect the feed?
The problem with password protecting anything is that you're assuming the podcatching software is a full-fledged web client, when almost all of them are really simple barely-implement-HTTP apps.
Instead, my first suggestion is to make the URL a secret. Give out a different URL to every legitimate subscriber.
The authentication detail perhaps isn't important, and you may substitute anything for it:
http://example.com/cast/(username)/(md5(username+secret)).rss
So, make a handler at "cast" that looks at the rest of the URL. Take the username and append a secret and then get the MD5 of the whole thing, and if the rest of the URL matches what they asked for, then give out the results. If not, return a 404 status.
posted by cmiller at 9:53 AM on July 3, 2007
Instead, my first suggestion is to make the URL a secret. Give out a different URL to every legitimate subscriber.
The authentication detail perhaps isn't important, and you may substitute anything for it:
http://example.com/cast/(username)/(md5(username+secret)).rss
So, make a handler at "cast" that looks at the rest of the URL. Take the username and append a secret and then get the MD5 of the whole thing, and if the rest of the URL matches what they asked for, then give out the results. If not, return a 404 status.
posted by cmiller at 9:53 AM on July 3, 2007
if you use feedburner they have an option to password protect your feed, but unfortunatley it is one password for all users
posted by DJWeezy at 10:32 AM on July 3, 2007
posted by DJWeezy at 10:32 AM on July 3, 2007
You can't really protect your feed, unless you instruct all your users to use a particular feed reader. If any one of them use a public reader (such as Bloglines) it'll be possible for the whole world to read your feed.
The answers above will do the job (cmiller's idea is the best way to go), but don't expect a complete secure feed.
posted by jayden at 12:14 PM on July 3, 2007
The answers above will do the job (cmiller's idea is the best way to go), but don't expect a complete secure feed.
posted by jayden at 12:14 PM on July 3, 2007
Just in case you aren't aware of it, anybody who listens to your podcast can distribute it if they feel like it.
posted by callmejay at 1:20 PM on July 3, 2007
posted by callmejay at 1:20 PM on July 3, 2007
Response by poster: Thanks all. This is pretty much what I had found through poking around. I'd rather not go the passworded podcast route, but that's not really my decision.
Does it make a difference if the feeds URL is located at a password protected site?
posted by unsigned at 2:19 PM on July 3, 2007
Does it make a difference if the feeds URL is located at a password protected site?
posted by unsigned at 2:19 PM on July 3, 2007
Maybe not so helpful, but this is kind of exactly the opposite of what is implied and intended in the phrase "Really Simple Syndication."
Perhaps RSS isn't your ideal medium?
posted by SlyBevel at 8:51 PM on July 3, 2007
Perhaps RSS isn't your ideal medium?
posted by SlyBevel at 8:51 PM on July 3, 2007
This thread is closed to new comments.
Password Protecting a Podcast
The jist:
Basically, you put a .htaccess file into the directory that contains your podcast feed with content that looks like this:
AuthType Digest
AuthName "Potion Factory"
AuthDigestFile /usr/local/apache/conf/digest_passwd
Require valid-user
You also have to use the following shell command to make the digest_password file:
htdigest -c /usr/local/apache/conf/digest_passwd "Potion Factory" user1
posted by braintoast at 7:53 AM on July 3, 2007