RSS Security Question

Discussion in 'ASP .Net' started by FinallyInSeattle, Jun 13, 2006.

  1. I'm new to RSS and have been tasked to write a spec for an RSS
    Publishing facility for my client. I'm proposing that the RSS be
    rendered on-the-fly for the most up to date results and to also support
    RSS feeds of saved searches. My issue is that any of the stored
    procedure calls that I have to make to retrieve the necessary
    information require a user id. How is this typically handled? What is
    the best way to get "user logon" information? In a standard
    newsreader, how does this look to the user?

    Thanks in advance!
     
    FinallyInSeattle, Jun 13, 2006
    #1
    1. Advertising

  2. FinallyInSeattle

    David Hogue Guest

    FinallyInSeattle wrote:
    > I'm new to RSS and have been tasked to write a spec for an RSS
    > Publishing facility for my client. I'm proposing that the RSS be
    > rendered on-the-fly for the most up to date results and to also support
    > RSS feeds of saved searches. My issue is that any of the stored
    > procedure calls that I have to make to retrieve the necessary
    > information require a user id. How is this typically handled? What is
    > the best way to get "user logon" information? In a standard
    > newsreader, how does this look to the user?
    >
    > Thanks in advance!
    >


    Not too long ago I wrote a system that would render rss on-the-fly and
    required a user login. In my case it was for podcasts, so I went and
    tested a few of the more popular clients. I used a simple rss file and
    tweaked the IIS security settings to see what each supported.

    Most clients I tested supported http basic and digest authentication. A
    few didn't support any authentication and none of them supported forms
    authentication. I would expect similar results from more generic
    aggregators. The readers that did support authentication would pop up a
    username/password dialog when adding the feed or the first time the feed
    was updated.

    If you just need the user id or name you might be able to pass it in the
    url (http://some.random/location.rss?userId=42). This would be fairly
    insecure, but if you just wanted it to customize the feed somehow it
    might do the trick.

    --
    David Hogue
     
    David Hogue, Jun 14, 2006
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Replies:
    5
    Views:
    797
    SpaceGirl
    Feb 25, 2005
  2. Motta
    Replies:
    1
    Views:
    559
    Andy Dingley
    Jun 9, 2004
  3. Jake Barnes
    Replies:
    1
    Views:
    431
    Andy Dingley
    Nov 14, 2005
  4. Scott Gordo
    Replies:
    5
    Views:
    739
  5. Jonathan Groll
    Replies:
    1
    Views:
    297
    Kouhei Sutou
    Jun 27, 2009
Loading...

Share This Page