RSS feeds for private wikis

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

RSS feeds for private wikis

vmassol
Administrator
Hi there,

It would be nice for xwiki to offer a solution for providing RSS feeds for
private wikis. One solution that I've seen used is to generate a unique RSS
feed URL per registered user. Here's a security note I've found on a site
that does this:

"
Don't share RSS and iCal links

Anyone with the URL to these links can see your posts (via RSS) or
milestones (via iCal), so be careful who you share them with (and don't post
them on public web-based newsreaders or aggregators such as Bloglines).

Also, don't share these links within the company. Each person should login
and subscribe to their own personal feed.

Should someone else get ahold of your private RSS/iCal URL, just change your
password ("Contacts" tab) and a new URL will be generated (you'll need to
resubscribe - the old URLs will be invalid.

The details: The RSS and iCal links use a unique token in the URL as their
only form of authentication. That means anyone with the full address will be
able to subscribe to the feeds without logging in. Therefore, you should
take care to keep these URLs hidden.
"

Here are the format of the feed URL on that site:
http://learning.something.com/projects/174559/feed/recent_items_rss?token=f4
546fdb83e37546546ghgfddg4&client_id=139454

I think this is a nice solution.

WDYT?

-Vincent




--
You receive this message as a subscriber of the [hidden email] mailing list.
To unsubscribe: mailto:[hidden email]
For general help: mailto:[hidden email]?subject=help
ObjectWeb mailing lists service home page: http://www.objectweb.org/wws
Reply | Threaded
Open this post in threaded view
|

Re: RSS feeds for private wikis

Ludovic Dubost

Right.. the token is a nice solution.. It could be done quite easily
since we already have a token in XML-RPC..

Ludovic

Vincent Massol wrote:

> Hi there,
>
> It would be nice for xwiki to offer a solution for providing RSS feeds for
> private wikis. One solution that I've seen used is to generate a unique RSS
> feed URL per registered user. Here's a security note I've found on a site
> that does this:
>
> "
> Don't share RSS and iCal links
>
> Anyone with the URL to these links can see your posts (via RSS) or
> milestones (via iCal), so be careful who you share them with (and don't post
> them on public web-based newsreaders or aggregators such as Bloglines).
>
> Also, don't share these links within the company. Each person should login
> and subscribe to their own personal feed.
>
> Should someone else get ahold of your private RSS/iCal URL, just change your
> password ("Contacts" tab) and a new URL will be generated (you'll need to
> resubscribe - the old URLs will be invalid.
>
> The details: The RSS and iCal links use a unique token in the URL as their
> only form of authentication. That means anyone with the full address will be
> able to subscribe to the feeds without logging in. Therefore, you should
> take care to keep these URLs hidden.
> "
>
> Here are the format of the feed URL on that site:
> http://learning.something.com/projects/174559/feed/recent_items_rss?token=f4
> 546fdb83e37546546ghgfddg4&client_id=139454
>
> I think this is a nice solution.
>
> WDYT?
>
> -Vincent
>
>
>  
> ------------------------------------------------------------------------
>
>
> --
> You receive this message as a subscriber of the [hidden email] mailing list.
> To unsubscribe: mailto:[hidden email]
> For general help: mailto:[hidden email]?subject=help
> ObjectWeb mailing lists service home page: http://www.objectweb.org/wws
>  

--
Ludovic Dubost
XPertNet: http://www.xpertnet.fr/
Blog: http://www.ludovic.org/blog/
XWiki: http://www.xwiki.com
Skype: ldubost AIM: nvludo Yahoo: ludovic




--
You receive this message as a subscriber of the [hidden email] mailing list.
To unsubscribe: mailto:[hidden email]
For general help: mailto:[hidden email]?subject=help
ObjectWeb mailing lists service home page: http://www.objectweb.org/wws