[dokuwiki] Re: Relaying authentication for RSS

  • From: Michael Hamann <michael@xxxxxxxxxxxxxxxx>
  • To: dokuwiki <dokuwiki@xxxxxxxxxxxxx>
  • Date: Tue, 06 Apr 2010 19:39:01 +0200

Hi,

Excerpts from colin.mckinnon's message of 2010-04-06 18:39:26 +0200:
> It has eventually dawned on me that the reason my dokuwiki RSS feed is  
> blank when viewed within dokuwiki is because I'm passing any authentication  
> credentials (unauthenticated users get no access) to feed.php
> 
> I see that I can code the markup as:
> 
> {{rss>http://mysite.com/dokuwiki/feed.php?u=username&p=password}}

Why are you embedding the feed of the wiki in the wiki itself? If you just want
to display the recent changes, you can use a plugin like
http://www.dokuwiki.org/plugin:changes.

> ...but I'd rather use the authentication for the current user. So my next  
> thought was to add a 'relayauth' option to the rss parser, which would  
> instruct it to insert appropriate values for the username and password into  
> the URL in ./inc/parser/handler.php:rss() but I note that the  
> $_REQUEST['u'] and ['p'] vars are not populated when the user is  
> authenticated from the session. The session holds the username, but the  
> password appears to be encrypted.
> 
> Can anyone point me to how I go about decrypting this value?

You can't (at least there is no efficient algorithm that's known today). It is
encrypted using salted md5 for good reasons. Storing passwords in plain text is
a really bad idea, because as soon as there is a security issue anywhere on your
webspace or server, the passwords of all users will be available, and quite a
few users don't use a different password for every site. And if only the
passwords file were available, the attacker could easily log in using any
user account he wants.

The RSS syntax is intended for static feed URLs and in general for embedding
feeds that are not from the same wiki; that's why the feed is cached for some
time. So what you are trying to do is not really what the RSS syntax is
intended for.

Michael
-- 
DokuWiki mailing list - more info at
http://www.dokuwiki.org/mailinglist
