[pmwiki-users] RSS feeds and passwords
Jon Haupt
jhaupt at gmail.com
Fri Nov 9 09:52:50 CST 2007
On Jan 19, 2007 12:09 PM, Patrick R. Michaud <pmichaud at pobox.com> wrote:
> Lastly, it's also possible to configure the webfeeds to obtain
> the authentication information from the url directly, as in:
>
> .../Site/AllRecentChanges?action=rss&authpw=secret
>
> The big downside to this is that the cleartext password will
> end up travelling across the net with every RSS request, and
> may end up being recorded in Apache's access logs.
>
I've been thinking about this question of RSS feeds for a while,
unhappy with the idea of sending passwords as plain text and also not
thrilled with the $EnablePageListProtect option. I've noticed that
some applications are creating secret keys by encoding
username/password information and handing this out for subscription --
see Google Calendar, FriendFeed, and many others. How difficult would
it be to get PmWiki to accept an encrypted password in a URL instead
of the plain text password?
Jon
More information about the pmwiki-users
mailing list