September 8th, 2006

Bloglines (un)blacklisted.

Sorry if you use Bloglines to read this site - get a real newsreader. They're blacklisted for security reasons. I'll be adding other net-based readers soon, so that they can't index the private portions of the site.

See the comments: Bloglines does not index HTTP authorized feeds. I hope the others are that smart, and I'm going to be attempting to find out/ban them until I do. Kudos to Bloglines for seeing this post and coming to respond - and having the right answer. Thanks. =)


 
 
 

but what about google feeds? and livejournal rss syndication? are they blocked as well? ;)

I seem to remember having this exact same headache like a year and a half ago..

 
 
Lisa's avatar

*sighs* Am I going to have to kill that feature, then? Meh!


But I’m sure there’s something in a shade of grey…
Something in between…

 
 

Hello,

I am an Engineer for Bloglines.

We have fixed all known security problems.  We are very concerned about keeping our (and your) users secure.

If you know of any security issues with Bloglines that have not been fixed, please let us know and we will fix them as quickly as possible.

Thanks,

Paul Querna

 
 
Lisa's avatar

Paul:

It is my understanding that once someone http authenticates my feed into their bloglines, you guys then scrape it and make it searchable.  This is a security issue; though possibly not the kind you were thinking of.

The kind of concern is one mentioned by shoes0711 in this thread, and I quote:

Thanks for the great feedback/solution.  I would recommend to folks if you really want to be secure is NOT allow web-based readers access to the RSS feed.  Web aggregators like Bloglines and Newsgator Online can support HTTP authentication.  The problem is these feeds could get added to search indexes.  If it’s company sensitive data, this would be a bad thing.  Bloglines has proposed a:

Feed Access Control Standard for RSS and ATOM
http://www.bloglines.com/about/news#114

This type of further restrictions can likely be implemented right now as PHP code that is part of the RSS template (If agent != Bloglines, etc.) but hopefully someone can develop a plugin and/or module to help provide more fine grain controls.

Obviously the first two paragraphs are the ones of concern.

Kindest regards,

-Lisa



 
 

Lisa,

Bloglines does support HTTP Authentication of Feeds.

To use it in Bloglines, just use this form for the URL:
http://username:password@example.com/feeed/

When a feed has authentication, Bloglines NEVER includes it in search or any other publicly viewable page.

The Feed Access Control standard is an alternative.  It allows you to make something never show up in search, without requiring authentication.

Using the Feed Access Control OR requiring HTTP Authentication will both result in the same thing: Your feed and posts will not be visible to the public.

-Paul
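
An added example, not part of the original thread or of any Bloglines or pMachine code: a request gate for a private feed that combines the two controls discussed above, HTTP Basic authentication and the per-agent check suggested in the quoted comment ("If agent != Bloglines"), sketched in Python rather than PHP. The credentials, the blocked User-Agent substrings and the function names are assumptions made for illustration. Because the User-Agent header is supplied by the client, the agent check only expresses policy toward well-behaved aggregators; authentication is the actual access control.

```python
import base64
import hmac

# Assumed values for illustration only (constructed, not from the page).
FEED_USER, FEED_PASSWORD = "reader", "constructed-secret"
BLOCKED_AGENT_SUBSTRINGS = ("bloglines", "newsgator")  # web-based readers to refuse


def check_basic_auth(header):
    """Return True if an Authorization header carries the expected Basic credentials."""
    scheme, _, token = (header or "").partition(" ")
    if scheme.lower() != "basic":
        return False
    try:
        decoded = base64.b64decode(token, validate=True).decode("utf-8")
    except ValueError:  # malformed base64 or invalid UTF-8
        return False
    user, sep, password = decoded.partition(":")
    # compare_digest avoids leaking how much of the value matched via timing
    user_ok = hmac.compare_digest(user.encode(), FEED_USER.encode())
    pass_ok = hmac.compare_digest(password.encode(), FEED_PASSWORD.encode())
    return bool(sep) and user_ok and pass_ok


def gate_feed_request(headers):
    """Decide the response for a private-feed request.

    `headers` is a dict with canonical header names. Returns (status, headers).
    Listed web aggregators are refused even with valid credentials, since the
    concern in the post is what they do with the feed after fetching it.
    """
    agent = headers.get("User-Agent", "").lower()
    if any(s in agent for s in BLOCKED_AGENT_SUBSTRINGS):
        return 403, {}
    if not check_basic_auth(headers.get("Authorization")):
        return 401, {"WWW-Authenticate": 'Basic realm="private feed"'}
    # Ask intermediaries not to store the authenticated response.
    return 200, {"Cache-Control": "private, no-store"}


if __name__ == "__main__":
    good = "Basic " + base64.b64encode(b"reader:constructed-secret").decode()
    # Constructed sample requests.
    for req in (
        {"User-Agent": "Bloglines/0.0 (constructed sample)", "Authorization": good},
        {"User-Agent": "DesktopReader/1.0"},
        {"User-Agent": "DesktopReader/1.0", "Authorization": good},
    ):
        print(req.get("User-Agent"), "->", gate_feed_request(req)[0])
```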

 
 
Lisa's avatar

Paul:

Thank you.  I will post this information to pMachine’s support forums as well, to clarify that.

I appreciate the visit and responses.

-Lisa



 



