Invision Community 4: SEO, prepare for v5 and dormant account notifications Matt November 11, 2024Nov 11
Posted December 15, 200618 yr The ability to have an RSS with https/SSL and/or password protection that uses the IPB database.
December 15, 200618 yr The problem is most feed readers don't support password authentication.And for https, the whole site has to go under https - if you do make this switch, the RSS will also go over https.
December 15, 200618 yr You don't do anything to use the board over SSL. Simply drop it into a Web Root, and have Apache (or IIS, or Lighttpd, or whatever) bind that site as an SSL site. No IPB configuration needed. So, I'm not sure why you want them to add an option to IPB that by it's very nature can't do anything about it.
December 15, 200618 yr Secure RSS would be great, as the feature is not usable for me at the moment.Just have the RSS link generated with a hash of the password. They'd need a new link whenever they changed their passwords, but it would work.
December 18, 200618 yr Well some form of security would be very useful when it comes to a public/internal site.
December 18, 200618 yr +1 on authenticated RSS. The readers and sites I use support it. Even so, as an option, that wouldn't constrain people who don't want to use it.
December 20, 200618 yr I have many hidden forums - an obvious example would be the administrators forum. If I were to enable RSS on that forum, any member could potentially read posts. If it checked my user account, and checked the permissions, then it would make the RSS feature usable.
December 20, 200618 yr I have many hidden forums - an obvious example would be the administrators forum. If I were to enable RSS on that forum, any member could potentially read posts. If it checked my user account, and checked the permissions, then it would make the RSS feature usable. That's easy to say, but how would a feed reader check your user account? A feed reader isn't going to have access to your cookies, for example...
December 20, 200618 yr Community Expert Management We could go the google calendar's route and allow one to set up 'private' RSS feeds vai obfuscation.index.php?rssid=1&key=ej3e8j3e83jhj8ji3jerjfThis would allow the creator to know the key, but not anyone else.
December 20, 200618 yr We could go the google calendar's route and allow one to set up 'private' RSS feeds vai obfuscation.This would allow the creator to know the key, but not anyone else.I think that would be best, more secure, and more cross compatible :)
December 20, 200618 yr That's easy to say, but how would a feed reader check your user account? A feed reader isn't going to have access to your cookies, for example...Yep, as I posted earlier (and as Matt has pointed out), a link with some sort of password hash or key would work. I forgot that Google calendar does it as well - activeCollab, a project management system, also uses this method.I had used a similar method with 2.1 and IPBSDK to produce secure feeds. Would be great if it became a feature though :).
December 20, 200618 yr An idea I have is to create a random hash:md5( uniqid( microtime() ) )And save one for every member. That would be the "rss access key" that would automatically be appended to the end of the rss url. If the rss key is invalid or one isn't provided it would just assume it's a guest. If it is valid load up the forum permissions and apply them. Then in AdminCP you could reset an rss access key per member if you needed to.
December 21, 200618 yr Something that I've never seen in web forum software is support for public key encryption, for both posts and PMs. If you're going to encrypt RSS, how much harder would it be optionally encrypt everything? That would be awesome even as a paid addon.
Archived
This topic is now archived and is closed to further replies.