Securing an RSS Feed

By Blane Warrene

While Kevin has pointed out some important issues in regards to Greasemonkey – I found this new concept for securing an RSS feed an invaluable tip.

Joe Gregorio wanted a way to syndicate content for himself and appears to be onto a method. With some tweaking perhaps this could also be explored as a way to distribute paid content to a restricted audience…?

  • Very interesting, I figured that it would eventually happen. Paid RSS feeds were a sure-thing once it goes commercial.

  • Very timely blog – just yesterday i spent a couple hours searching on google for a way to create a password protect my RSS feed. If you have your username / passwords in MySQL, i *THINK* (haven’t full tested this yet) you can just use the PHP variable:
    Using the header function i think you can make this work:

    if (!isset($_SERVER[‘PHP_AUTH_USER’])) {
    //prompt for username / password
    } else {
    //check PW with MySQL, if successful spit out the RSS feed.
    Hope that helps!

  • Icheb

    $_SERVER[‘PHP_AUTH_USER’] is used for htaccess authentication. Do RSS readers support that in the first place?

  • Pretty cool. Couldn’t you use an easier way by just using a get method of username and password retrieval on the url you were going to parse?

  • Charlie Wood

    Yes, most RSS readers support Basic HTTP Auth, which when used with SSL makes for a secure feed. I thought Bloglines did, but there was some issue with their requiring you to put you username:password directly in the feed URL, which is obviously a Bad Thing. Anyway, Basic Auth + SSL (so passwords aren’t sent in the clear) is the way to go.


Get the latest in Front-end, once a week, for free.