[pmwiki-users] RSS feeds and password authentication

Patrick R. Michaud pmichaud at pobox.com
Sun Oct 1 22:02:55 CDT 2006


On Sat, Sep 30, 2006 at 11:55:19PM -0400, phenotype wrote:
> Hi folks,
> 
> I've just setup a private wiki that requires a read password, using  
> PmWiki's regular password authentication, but I'm not able to access  
> any RSS feeds through my feedreader. Is there any way I can set up  
> the feeds to request a password in the feedreader, similar to how  
> LiveJournal and PBwiki do it?

Hmm.  PBwiki seems to use the password within the server url, as in
http://u:password@publicwiki.pbwiki.com/...  

In the past when I've attempted to grab passwords in this way I
haven't been very successful at getting it to work under Apache.
So, I wonder what PBwiki is doing to make it work.

I'll take a look at it again, but I suspect these packages
are using a special webserver configuration of some sort.

It is possible to put a password into the RSS feed url, however.
Try placing the following in config.php:

    if (@$_GET['authpw']) $_POST['authpw'] = $_GET['authpw'];

Then the rss feed can be accessed using

    http://www.example.com/pmwiki?action=rss&authpw=password

The downside to this is that the password travels in the clear,
and gets recorded in server logs.  (Using the http://u:password@.../
has the advantage of not recording the password in the server log,
although the password can still be easily captured if sniffed
off the wires.)

Pm




More information about the pmwiki-users mailing list