While Kevin has pointed out some important issues in regards to Greasemonkey – I found this new concept for securing an RSS feed an invaluable tip.

Joe Gregorio wanted a way to syndicate content for himself and appears to be onto a method. With some tweaking perhaps this could also be explored as a way to distribute paid content to a restricted audience…?


  • http://www.lowter.com charmedlover

    Very interesting, I figured that it would eventually happen. Paid RSS feeds were a sure-thing once it goes commercial.

  • http://www.davidschultz.org dschultz

    Very timely blog – just yesterday i spent a couple hours searching on google for a way to create a password protect my RSS feed. If you have your username / passwords in MySQL, i *THINK* (haven’t full tested this yet) you can just use the PHP variable:
    Using the header function i think you can make this work:

    if (!isset($_SERVER[‘PHP_AUTH_USER’])) {
    //prompt for username / password
    } else {
    //check PW with MySQL, if successful spit out the RSS feed.
    Hope that helps!

  • Icheb

    $_SERVER[‘PHP_AUTH_USER’] is used for htaccess authentication. Do RSS readers support that in the first place?

  • http://www.guestbookz.com Darren884

    Pretty cool. Couldn’t you use an easier way by just using a get method of username and password retrieval on the url you were going to parse?

  • Charlie Wood

    Yes, most RSS readers support Basic HTTP Auth, which when used with SSL makes for a secure feed. I thought Bloglines did, but there was some issue with their requiring you to put you username:password directly in the feed URL, which is obviously a Bad Thing. Anyway, Basic Auth + SSL (so passwords aren’t sent in the clear) is the way to go.



Special Offer
Free course!

Git into it! Bonus course Introduction to Git is yours when you take up a free 14 day SitePoint Premium trial.