I'm interested in Password protecting my apps RSS Feeds. So when you load a RSS feed url in the browser the browser's default dialog asks for a login and password.
Any tutorials or tips on how to get this to securely work? 37 Signals has this behavior on their web apps.
Thanks
http://www.mischefamily.com/nathan/index.cfm/2008/8/13/Basic-Authentication-With-ColdFusion
Don't do it. Most feed readers won't be able to consume your RSS feed if you put a password on it. Most places utilize security of RSS by creating obscure hashes (a private ID) for an individual. They can see this in their login, add the feed and viola.
Related
I'm looking to see some info about my facebook contacts, and I want the info to be overlayed on the currently open website.
Currently, I'm trying to do this via a bookmarklet.
Is it possible for me to overlay a div over the currently open web page and populate it with a functioning facebook login button (if the user is not logged in)? Are there publicly available working examples of something like this?
It is probably not possible to simply embed Facebook within an iframe because Facebook blocks people from embedding their pages within frames or iframes by putting this into the response header, "X-Frame-Options: DENY". This is most likely to prevent click-jacking and similar security exploits.
To test this, enter any page from Facebook into http://savanttools.com/testframe
Facebook has an API which allows you to do many things, but it requires server side code, and can not be done simply with a bookmarklet.
There is also always the brute force method where your server scrapes data from any website you want it to. Then that data could be put into a bookmarklet.
Finally, the same thing could be achieved by writing an add-on or a user script without using a bookmarklet at all.
I develop flash websites that feature posts from a Facebook page. Since I'm not accessing a visitor's account, I don't want them to go through the oauth process. I only want one feed in Json form, but that feed is a page and not a specific user. I've gotten around this by writing a script that I visit to grant an offline_access token. I use that token to access the one feed I need. On page load, I use the graph API Json URL to get the feed and parse the data in flash.
Now that offline_access is going away, I'm trying to find the best way to access the feed in raw json form that will work in flash.
I have read this page (http://developers.facebook.com/roadmap/offline-access-removal/), and can't find a scenario that helps me as all flows require a user to access an app of some kind. Does this change mean that I can no longer access a page feed without the process being transparent to the visitor? If need be I can be asked to be an admin of the pages I need access to, if that helps.
That document outlines all your options -
If acting as the page itself you can get a token which won't expire - Scenario 5 in the document
If acting on behalf as a user you need them to come back at least every 60 days – Scenario 2 or 3 in the document
Is there any way to authorize user (acting as a Page or Page administrator) in the same like FB Conect does but using Page data?
E.g. I would like a company, say local barber, authorize in my system as a certain Page (can be indirect, i.e. through a private account but I would like to know if this user is a page administrator). The purpose of this is to link an account on my website with a certain business that has representation on Facebook.
Well, you could ask the user for manage_pages permission and look if the page you’re interested in is amongst them, but since that’ll give your app also their page access tokens, I doubt they’ll grant you that.
Less intrusive and much simpler would be to have them install your app on their page as a page tab, and then look into the signed_request parameter once their using your app - it has a boolean flag for wether the user is admin or not. After that they can remove your app again.
I'm developing an application for a Hotel where the costumers capture some snapshots and then upload them to their facebook.
Using the graph API it makes you identify yourself on facebook using the security question or identifying your friends.
I want to be able to identify the clients on facebook without the need of pop ups, specifying the user and password that they have previously given me
Is that possible?
If not, if I use the same computer to connect a lot of different people onto facebook, I get asked all the security questions. Can this be avoided with a digital certificate or anything like that?
Edited to add back info that was in an answer
The user 'Authorise my app' already. It's part of the facebook login process.
This should be right way:
The user captures a photo with the webcam.
The user introduces the email and password IN MY OWN FORM
I connect to facebook through my application, submitting the email & password and write some nice text in the user's wall.
This is what i'm doing now:
The user captures a photo with the webcam.
I connect to facebook using my desktop app. A facebook login window appears.
Sometimes, facebook indicates that this computer is login too much accounts, and ask for an aditional security ( phrase or friend's name).
The user grant access to my application.
My application write some nice text in the user's wall.
I need that the user write its own email & password in my form, because there is no keyboard ( it's a touch screen system) And if i show the Windows Touch Screen Window, there is some 'dangerous' keys like 'window' that i do not wan
What you need to do instead is have the user "Authorise your app" this way your application will be given an AccessToken which can then be used to perform the activities you need.
Look into the OAuth protocol and the Graph API
Start here:
http://oauth.net/2/
http://developers.facebook.com/docs/reference/api/
http://developers.facebook.com/tools/explorer/?method=GET&path=616612017
I want to have RSS feeds in my Django application, which should be
viewable only by a logged-in user. I want to allow users to add these
RSS feeds to all aggregators, so I would need something which would
work like this: supply the feed URL with a token, for example:
http://example.com/feed/rss&token=AeYQtFjQfjU5m so that token will
cause the feed to be seen as if the user would be logged in.
Is there some library in Django which would provide such a
functionality?
Try making a hash of some unique property of the user... something like
md5("%s!%s" % (SECRET_KEY, user.username)).hexdigest()
PS - I didn't test this code but you get the idea
You could generate the token when creating a user for the first time. This way you can add the token to the feed when a user is logged in. Later when a RSS feed reader comes by your site for the user, you just load the user information for the user with that token.