MyBB Community Forums

MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > MyBB 1.6 > 1.6 Suggestions and Feedback > RSS Authentication
Full Version: RSS Authentication
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

Sp33d

2007-12-19, 06:34 AM
Hi!

I would like to request the feature, that a user can authenticate himself using the standard http://<username>:<password>@feed-url to access a feed where an anonymous user would not have access to.

This is very important for boards, where no public access is allowed but RSS can be used.
The current situation is that the RSS parser gets the login page instead of the feed, because the user is not logged in.

I suggest that the $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'] variables are used to perform a single login, so no session, no cookie and the login is only valid to catch the feed.
This should keep it simple and well at least a little bit safe.

Sp33d

pepotiger

2007-12-19, 07:07 AM
but that will not allow search engines bots to read your RSS feeds!
and it's not to much save to put the username and pw in the url, what if you tryed to get the RSS url, and you are in public place (such as net caffe or so), and some ppl around you!
they may arrive the url from the browser history.. I don't think it's save enough

Sp33d

2007-12-19, 07:37 AM
Search engines MUST NOT read this RSS feed.
If I set my board to disallow anonymous visitors, this should also include search engines, otherwise I will find the contents of my board in Google's cache next day Smile

Problem is that as soon as you disallow anonymous visitors, nobody can check out the RSS feed anymore.

BTW, I didn't say that this way of submitting the credentials is safe, but it is safer to use this type of login only for RSS checkout than to accept it all over the board.

About the security issues in public places: Nobody can protect a board from stupid admins Smile

Snake

2007-12-23, 03:50 AM
You can delete the syndication.php file from your forums root directory. I have tested this little and it doesn't seem to cause any problems. This does lose all RSS feeds from your forum.

Sp33d

2007-12-24, 10:23 AM
Please read both the titel of the thread and the originbal post before trying to increase your post counter.

This thread is about adding some kind of authentication to RSS feeds, so that users can read the RSS feeds although the feeds are not accessible for guests ans search engines.

Currently, if you deny access for guests, nobody can read the RSS feeds anymore, even valid users. This is a major problem because it renders the RSS functionality useless in those cases.

Snake

2007-12-29, 02:15 AM
There is know way I can think of to do this. And just to make you aware I was trying to HELP YOU.... Who noes mabey someone else doesn't want RSS at all.

Your Welcome.
MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > MyBB 1.6 > 1.6 Suggestions and Feedback > RSS Authentication