On Jan 19, 12:27 pm, Enrico <[email protected]> wrote: > So yeah, If google use a custom callback url they can easily use > something like this for > example:http://reader.google.com/pushCallBack/feedid/[feed id here]/hash/[hash > key for feed here] > Then when getting a POST request they can check the hash actually > matches what they expect, and hashing can be done with a secret key or > whatever. > > Simple, Right? > However, that would totally scratch the possibility of using the > "Aggregated Content Distribution" stated in the protocol
I always figured this could be solved by using a unique callback URL per hub rather than per feed. The hub is going to know the callbacks for all the feeds on its server anyway - you only need to protect the callbacks associated with other hubs. Or is there some reason why that wouldn't work? Regards James
