On Jan 19, 2007 12:09 PM, Patrick R. Michaud <[EMAIL PROTECTED]> wrote: > Lastly, it's also possible to configure the webfeeds to obtain > the authentication information from the url directly, as in: > > .../Site/AllRecentChanges?action=rss&authpw=secret > > The big downside to this is that the cleartext password will > end up travelling across the net with every RSS request, and > may end up being recorded in Apache's access logs. >
I've been thinking about this question of RSS feeds for a while, unhappy with the idea of sending passwords as plain text and also not thrilled with the $EnablePageListProtect option. I've noticed that some applications are creating secret keys by encoding username/password information and handing this out for subscription -- see Google Calendar, FriendFeed, and many others. How difficult would it be to get PmWiki to accept an encrypted password in a URL instead of the plain text password? Jon _______________________________________________ pmwiki-users mailing list [email protected] http://www.pmichaud.com/mailman/listinfo/pmwiki-users
