[Update: more results]
[Update: some results left as comments; and more.]
Thanks to everyone who posted comments on my Password-Protected RSS challenge three weeks ago. It turned out that the vast majority of feed readers can handle HTTP basic authentication for feeds.
Of course, if a feed holds important, confidential information, basic authentication over HTTP won’t be enough — you need to be able to use HTTPS to encrypt your password and data in transit. I do not have an SSL/TLS certificate for megginson.com, so I moved my test over to a different site, newmatica.com. Here’s the URL for the same RSS file, this time over HTTPS (the user id and password are still “guest”):
Will your feed reader allow you to subscribe to a password-protected RSS 2.0 feed when SSL/TLS is involved? Here’s what I’ve tested:
- Prompts for a username and password, and stores the password on disk as clear text.
- Reports no feed found. However, will read the RSS file if the username and password are encoded in the URL, i.e.
- Fails: HTTPS not yet supported.
- Reports a 401 HTTP error (authorization required). Strips the username and password from the URL if they are provided.
Once again, I’ll be grateful for comments about other RSS readers.
Update: reports from readers
Once again, thanks to readers who have left reports in comments. Here are the results so far:
- John Cowan and Tim Howland report success.
- Peter Lacey reports success.
- Brent Simmons reports success.
- RSS Bandit
- Dare Obasanjo reports success.
- Opera (8.0.2)
- Tony Coates reports success.
- KDE Akregator
- Douglas reports success.
- Brian R. Barker reports success.
- Silas Hundt reports success, with username and password saved to the keychain.