Wedge
Public area => The Pub => Topic started by: Dragooon on April 17th, 2013, 06:21 PM
-
It'll be useful to have an unread posts/latest posts with respect to the member RSS feed, since I use my RSS reader a lot on my phone. Having some sort of RSS-only key can solve the problem of security, although I'm not entirely sure. Plugin, perhaps?
-
I think we discussed that in the past...
I don't remember the outcome of our conversation, though. Nor why we didn't implement anything in that respect...
-
The main issue was security. Having an RSS only key means you expose something that should not necessarily be public *simply by way of the URL*
I'm not even fond of what Google Reader used to do which was expose the user/pass combo through HTTP Basic (i.e. http://user:pass@example.com/) though I could see a plugin accepting a hashed version of the password and using that to delegate authority. But it would have to be hashed in a different way to the main password for security reasons.
Using HTTP Basic is about as primitive as it gets simply because of the fact it's exposing the 'password' with every request to every system along the way (it's passed unencrypted)