Passwords vs. obscure directory names
So recently I’ve been reading all of my RSS feeds using Google Reader. The thing I like the most is that I can click “Share” and it goes to my own special little feed comprised of articles that I pick. I don’t have to write any commentary, I don’t have to do shit — it just pops the article right in there. Pretty sweet, and pretty easy.
Here’s my problem. I got my first “subscription-only” RSS feed, and I don’t know what to do about it — Google Reader doesn’t support feeds that require authentication. I mean, I can read it in my primitive NetNewsWire reader, but I lose my wonderful “share” functionality.
One thing that pops to mind is that instead of using authentication, use obscure directory names and symlinks. So if you want to authorize Joe for a feed, you make a directory called “Joe-asalkjshflkjh234ihlkjh234″ or whatever. The point is that it should have Joe’s name in it (so you know it’s Joe’s) and some amount of random crap in it, so that it’s hard to guess. Put a symlink in the directory to the actual feed, and then give Joe the URL.
Now, one thing that might happen is that your jerkwad RSS reader might do something with that feed other than use it to make an article list for you (like they might retain the feed URL and it might get leaked). That’s a bit rude, but I’m not sure what you can do about it.
The good news is that if you want to remove Joe’s feed, just rm it, or if he needs new credentials, just mv it. Unless directory browsing is turned on for your website, no one should know that directory is out there.
