Tips for Password Protecting Your Feed

A quick and easy way to password protect a feed is to set your web server to require HTTP authentication for the directory where the feed and any enclosure files reside. Here are some instructions on how to set up this authentication with Apache: Comprehensive guide to .htaccess

Authentication Support

All the best RSS readers support this authentication including NetNewsWire, NewsLife and NewsFire. As for podcatchers, iTunes and Juice Receiver support this but iPodderX (renamed Transistr) needs the URL tweaked – see the workaround below. Also there are the online services: NewsGator supports it, Bloglines needs the URL tweaked (again, see below) but Google Reader didn’t support it at the time of writing.

Feeder supports HTTP authentication for downloading, reloading and previewing feeds.

Workaround

iPodderX and Bloglines can’t read a normal URL that requires authentication. The workaround is to include the user name and password in the URL itself. For example:

http://user:password@www.example.com/feed.xml

This URL also works in the other RSS reader applications mentioned above.

Updated September 15, 2006 – iTunes 7.0 no longer requires the workaround mentioned above.

5 Responses to “Tips for Password Protecting Your Feed”

  1. Greg Reinacker Says:

    You _really_ shouldn’t expose your credentials in the feed URL…I wrote about this here:

    http://www.rassoc.com/gregr/weblog/archive.aspx?post=779

  2. Steve Harris Says:

    I agree, you shouldn’t expose these credentials by posting the URL online.

    But as for entering a URL with embedded credentials to subscribe to a feed this can be the difference between having something that works and nothing at all. Reality sucks.

  3. I.T. Says:

    Valuable link to the htaccess primer; cheers for that. I hadn’t even thought of password-protecting a feed before, to be honest. I can see how it’s useful for monetising content though.

  4. Don McAllister Says:

    Invaluable utility to manage your .htaccess setup is here:

    http://www.htaccess.biz/

    It costs $49 but is brilliant and gives you all sorts of aditional functionality including the ability to allow users to manage or reset their own passwords. Believe me, if you’re thinking of setting up usernames and passwords, you really want to let the users do this!

    No link with the company but I wish I’d known about it before setting up my scheme.

    Don

  5. Reinvented Blog » Blog Archive » Password Protecting Your Feed Tip Updated Says:

    […] Thankfully, the problem has been fixed in iTunes 7.0 and this workaround is no longer required. I have updated the original post on this blog and the Feeder Tips feed to reflect this. […]