You are hereSecure RSS?


Secure RSS?


By hagrin - Posted on 05 August 2006

An interesting topic sprung up at Search Engine Watch about the ability to track website changes. At first, I dismissed the article with a "Uhhh RSS and Atom?", but then decided to take a look at the tools mentioned.

One of the major issues that RSS, Atom and other blog feeds have when trying to keep up-to-date with changes to your favorite pages is the ability to securely see "behind login" content. The article suggests a tool (which I have no experience with) that can actually monitor pages that are secured by user login. This got me thinking - why aren't RSS feeds being secured? Email requires you to login, certain HTTP GETS require you to login so why not RSS?

A lot of the problems come from the current RSS and Atom infrastructure. An article at XML.com talks about a hack that you could send yourself encrypted data and then use Greasemonkey to decrypt the text. I don't know about you, but I'm uncomfortable with this level of security - especially since Greasemonkey has been proven to be potentially insecure (see script leak).

Therefore, when people make predictions about the 2006 Internet Secure RSS really should be at the top of this list.