[pmwiki-users] RSS feeds and passwords
Patrick R. Michaud
pmichaud at pobox.com
Fri Jan 19 12:09:22 CST 2007
On Fri, Jan 19, 2007 at 12:29:33PM -0500, Sandy wrote:
> I've a section of my site locked (read and edit) to all but family
> members. Using AuthUser, Apache, and pmwiki-2.2.0-beta17.
>
> I'm rather addicted to RSS feeds, and they are working for my site.
> Using WebFeds from the core.
>
> But the RSS doesn't seem to include changes to the password-protected
> pages. Makes sense. ThunderBird doesn't include a "password" field when
> entering the feed address. Bloglines doesn't list anything like that either.
>
> Any ideas?
The last time I checked, RSS and other syndication protocols didn't
really have a well-established interface or mechanism for performing
access control (i.e., authentication). As far as I know this is
still the case.
PmWiki's WebFeeds capability is built on top of pagelists, so it
could simply be that the $EnablePageListProtect option is preventing
the updated pages from appearing in the feed. You might try
setting $EnablePageListProtect=0; and see if the password-protected
pages start appearing in the RSS feed.
The "downside" to setting $EnablePageListProtect to zero is that
anyone doing a search on your site will see the existence of the
pages in the locked section. They won't be able to read any of
them, but they'll know they are there!
You could also set $EnablePageListProtect to zero only if ?action=rss:
if ($action == 'rss') $EnablePageListProtect = 0;
This limits the ability to see the protected pages to RSS feeds;
normal pagelists and searches wouldn't see them.
Lastly, it's also possible to configure the webfeeds to obtain
the authentication information from the url directly, as in:
.../Site/AllRecentChanges?action=rss&authpw=secret
The big downside to this is that the cleartext password will
end up travelling across the net with every RSS request, and
may end up being recorded in Apache's access logs.
There are probably other options available, but this is a start.
We should probably see about adding a Cookbook/FAQ about this
topic somewhere, as the question comes up from time to time.
Pm
More information about the pmwiki-users
mailing list