Question [Merged topic] RSS Feed for Registered Users?

Let me summarise my understanding on this because it's a huge puzzle in my mind. An "RSS feed" is basically a web page that doesn't require you to login. Right? OK, so how does the website manager know who's reading the RSS feed? How do the other registered users know who's reading the RSS feed. By it's very nature, an RSS feed is a free-for-all.

So, what is being asked for is this: let's develop a system that (somehow) discriminates between information that's accessible only to a certain class of user. That, in a nutshell, is the problem.

RSS feeds can't discriminate. There's no facility to do that.

So, unless you can solve the problem of how to login to a website without actually logging-in to a website, I don't know a solution can be found for this question under the current security model imposed by Joomla and the W3C .

Kelco83 wrote:

I disagree with the backdoor notion. We could simply make the RSS feed inaccessible to [guests?] and have the feed link completely private.

True. You could disable the RSS icon when guests view your forum but if hackers are able to guess the URL of an RSS feed (and it's really easy to do that) they'll have access to whatever information you push out via that facility. Add to that, what happens when your website is spidered by a search engine, like Google?

So what you need to do (in order to use the RSS feed idea) is this: when a user requests the RSS feed (via a web browser, news reader or some other software - some email programs and mobile phones have this technology built-in) you need to issue a challenge/response mechanism that asks for a username/password combination. Someone could make a lot of money developing this protocol, I'm sure, if it doesn't already exist.

In the meantime, here's the simple solution: if you want to restrict access, encourage your users to visit your website and login.

Well, joomla has an rss reader. Its almost like these 2 functions were made for eachother.


Also, some of wish to make the forums public, we just don't want the "administrator has disabled write access" on every post.

I guess I should expound on this a little more. I guess "Security" can mean different things.

To me, secure means that spammers can't come in to my forum and post. I don't mind information that is viewable. Also, if someone wants to be heard in the forum for a community of people, the least they can do is register. It shows atleast some form of support. The last thing I want is a good conversation going and then "guest" comes in and derails the whole thread.

DO I want google indexing my site? Of course I do. Do I want my RSS viewable to anyone, you bet.

I put hoops in place to post, not to view.

If someone is concerned about restricted forum posts becoming public, shouldn't the forum's software know not to post secure categories in the public RSS feed?

The purpose for such a thing is to have recent discussions in Joomla for people reading articles to see. RSS may not be the way to accomplish this, but for now, it seems the most logical way to drive casual readers to the forum.

monkums wrote:

The only issue is that if I set the forum so that is only viewable by registered users then the RSS feed doesn't work.

Kelco83 wrote:

I put hoops in place to post, not to view.

If someone is concerned about restricted forum posts becoming public, shouldn't the forum's software know not to post secure categories in the public RSS feed?

In the first-mentioned, this is why we are having the discussion. I agree, that, on the face of things, Kunena does not elegantly handle the sitation where there are no publicly-viewable forums.

In the second-mentioned case, this shouldn't be a problem; Kunena already addresses this matter, IMHO.

Kelco83 wrote:

I am looking for this functionality as well

Now I'm confused. :S

Perhaps, the question is more about the message that Kunena generates because there are no publicly viewable forums? What if the Kunena RSS feed said something like "I'm sorry, but there are no messages that I can show you because the discussions are only accessible to users who login to the website"? That would be a nicer way of saying things, instead of

This feed does not validate.
• line 1, column 0: Undefined root element: div [help]
<div>This forum is open only to registered and logged-in users.</div><div>If ...

Agreed?

Well, just looking at the feed the forum provides in comparison to Joomla's something is off. Maybe its a bug.

Guys guys, come down.

The proposed feature of including non-public forums content in the RSS feed will be in Kunena 1.6.


You dont see it yet in the developers version yet, but thats only because it is awaiting review by the lead developers. But dont worry, it will come soon enough

Here is a screenshot of the rss features in the 1.6:

Kelco83 wrote:

Well, just looking at the feed the forum provides in comparison to Joomla's something is off. Maybe its a bug.

Can I ask you a question? What if you restrict a Joomla article on your website, so that it can only be seen by registered users? Can anyone discover the existence, or the contents, of that article via the Joomla RSS feed?