Each release of Tasks Pro™ and Tasks 2.x up until this point have used 401 (Basic) authentication to secure the RSS Feeds and iCalendars. The main reason for the use of 401 authentication here is because this is what the software that consumes the RSS feeds and iCalendars support for authentication. It’s the right tool for the job and, configured correctly, PHP supports this quite nicely.
Unfortunately, I have to deal with the reality that some server hosts are configured in such a way that this will not work1. My first concession to this was the creation of the Use Tasks service. We have the server all nicely configured already - all you need to do is fill out a little form and bingo - you’re up and running.
Now, some people don’t want to use a hosted service (for a variety of reasons). This led me to start compiling a list of recommended hosts. However (not surprisingly), some people don’t want to change their hosting provider either.
I get e-mails every week from frustrated potential customers, asking what they can do when the 401 authentication test fails on the Server Check script. It’s frustrating to me as well, but I’m stuck with the tools I’ve chosen; and like all tools they have limitations.
Anyway, the point of all this is to say that as of the next pre-release, Tasks Pro™ and Tasks will now be supporting URL based authentication for RSS feeds and iCalendars.
http://www.example.com/taskspro/
rss.php?username=[username]&password=[password]
This isn’t an ideal solution, but it is another option that is supported by the RSS and iCalendar software. Hopefully it will be acceptable to some of the potential customers that don’t find any of the other options to their liking.
- Generally due to running PHP as a CGI instead of as an Apache module. [up]
Popularity: 3% [?]
Alan adds this Comment:
Ooo… Sorry to have bugged you on email over this Alex =:-|
Reading this post puts 401 fully into perspective.
January 20th, 2005 at 4:38 pm
Geof F. Morris adds this Comment:
I assume that this support is in addition to 401 auth, etc.
January 20th, 2005 at 5:04 pm
Alex adds this Comment:
Yep, new option in the Server Settings - defaults to 401.
January 20th, 2005 at 5:10 pm
Ian Landsman's Weblog adds this Trackback:
Secure RSS Feeds
Alex King runs up against something I’ve been thinking alot about as well, which is the best way to secure RSS feeds. The help desk software I’m working on will support receiving inbound requests and tracking a specific request via RSS. I believe thi…
January 20th, 2005 at 8:19 pm
alexking.org: Blog adds this Trackback:
Tasks Pro™ 1.5rc4 and Tasks 2.5rc4
Release candidate 4 of Tasks Pro™ 1.5 and Tasks 2.5 are now available. These releases contain a larger change than I generally like to make this late in the game, but it seemed like it was important change to make.
Also of note, this release i…
January 21st, 2005 at 11:03 am