18

Basecamp uses HTTP authentication for its RSS feeds but this means that Google Reader, Bloglines and Firefox/Safari RSS don't work.

Is it possible to secure an RSS feed but still allow access from these popular readers?

Jon Winstanley

2 Answers

7

The only possible solution, I would think, is to use some randomly generated token inside the URL to your feed. InfoQ works this way (with personalized feed) and I think many others. This way you can always revoke access to the feed by simply changing the token.

It has one disadvantage - it is not "protected" by a password, so everyone who can guess the URL (or read it from the config files of your reader) has access to your feed.

And never, NEVER, put anything sensitive in this feed. Put only short summary and require users to open browser, log in and read more.

MBO
  • 3
    Same method that Google Calendar uses for its 'private' calendar feeds. Also mind, though, that Google Reader indexes and caches all your posts; I would not be surprised if they turned up in someone else's search results... – Wim Jan 20 '10 at 11:50
  • I just implemented this and am curious about what @Wim suggested. How prevalent is this from being exposed in others' searches? – Justin Pihony Apr 05 '16 at 17:55
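
The revocable token-in-URL scheme from the answer above, as an added example that is not part of the original post. The `FeedTokens` class, the `/feeds/<user_id>/<token>.atom` layout, the `example.com` host and the in-memory store are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

BASE_URL = "https://example.com/feeds"  # placeholder host (assumption)


class FeedTokens:
    """Per-user feed tokens; only SHA-256 digests are kept server-side,
    so a leaked token table does not reveal working feed URLs."""

    def __init__(self):
        self._digests = {}  # user_id -> hex digest of the current token

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, user_id):
        """Create or rotate the user's token and return the new feed URL.
        Rotation overwrites the stored digest, which revokes the old URL."""
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._digests[user_id] = self._digest(token)
        return f"{BASE_URL}/{user_id}/{token}.atom"

    def revoke(self, user_id):
        """Disable the feed URL without issuing a replacement."""
        self._digests.pop(user_id, None)

    def check(self, user_id, token):
        """True only if the token is this user's current token."""
        expected = self._digests.get(user_id)
        if expected is None:
            return False
        # Constant-time comparison of the two hex digests.
        return hmac.compare_digest(expected, self._digest(token))


def parse_feed_path(path):
    """Split '/feeds/<user_id>/<token>.atom' into (user_id, token), else None."""
    parts = path.strip("/").split("/")
    if len(parts) != 3 or parts[0] != "feeds" or not parts[2].endswith(".atom"):
        return None
    return parts[1], parts[2][: -len(".atom")]
```

Because the token travels in the URL, serve the feed over HTTPS only and keep the path out of access logs where possible.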
7

Try using the RSS feed url in format: https://USERNAME:PASSWORD@URL

For a Basecamp project feed, this url might be: https://bigguy:jellydoughnuts@basecamp.com/1234567/projects/89101112.atom

But it's really not a good idea to leave your password within a text field of one of these services -- even if you trust the service.

So, the safer solution is to use an intermediary that can safely store your credentials, access the protected feed, and republish the feed contents at a publicly-accessible url. Basically, we want a public proxy for the protected feed.

I use Yahoo Pipes to accomplish this. This pre-built Pipe makes it very easy to set this up.

Stephen M. Harris