RSS Feed Security - Bring2mind - Bring2mind Forums - Document

Bring2mind

Select the search type

Site
Web

Search

Support

Bring2mind Forums

Forums
Search Forum
Advanced SearchTopicsPosts

Forums > Document Exchange > Storage and Security

RSS Feed Security

Last Post 06/01/2012 11:06 AM by Peter Donker. 1 Replies.

Sort:

	Prev Next
You are not authorized to post a reply.

Author

Messages

Han

New Member

New Member
Posts:10

05/31/2012 6:44 PM
HI, Peter: We have enabled all of the docs in a DMX instance to be public (viewable to all users) docs so that the RSS feed can show direct download links without authentication for a client. This is certainly not a secure solution for sensitive documents, which led me to read your documentation on RSS: "It is important to realize that DMX will never serve out protected content to unauthorized users. As at all levels there is a WYSIWYG philosophy, DMX will not serve out metadata of protected content either. You simply do not see content that you’re not allowed to see. When a feed is requested by an external resource, that request can optionally be accompanied with authentication information. This means that to DMX it looks like a known user is requesting the RSS feed. Subsequently the metadata corresponding to that user will be served." Can you explain in detail or point me to resources/examples of how the authentication process works with the RSS feed? Also, our end goal is for a client (such as iPad) to be able to securely download a document uploaded using DMX on a DNN site. We don't care how it's done (well, I do as a developer). So if there's alternative ways to doing this, please advise too. Thank you. Han

Peter Donker

Veteran Member

Veteran Member
Posts:4536

06/01/2012 11:06 AM
Hi Han, The RSS feed is an asp.net request like any other. DMX will examine the login status of the user and return what that user is entitled to see. If you wish to see more than all users the request must be authenticated. In the current DNN solution there are hurdles to overcome. But with DNN 6.2 we still need to check if they’ve been overcome. Having said that, the plain truth is that RSS is a protocol to pass information from one place to another. So I don’t consider it good practice, for instance, to have an authenticated RSS request showing data to a wider audience. That would be a leak. But it is up to you how you use it. If you wish to have an app that gets data from DMX for iPads my first stop would be the template UI. That allows you to craft HTML to correspond to how you want to show things. But it remains restricted to browsers. If you want to go pure data, you’ll need t write your own bit of glue between DMX and the app. I do plan to introduce services to DMX based on what came out with DNN 6.2, but it is still early days. Before all customers have DNN 6.2 it will take some time. Peter

You are not authorized to post a reply.

Forums > Document Exchange > Storage and Security

About Bring2mind

Bring2mind is the company of Peter Donker, a DotNetNuke enthusiast who has been involved with the platform from the very beginning. At the same time as the market for modules emerged, he realized there was no good document management solution for the platform yet and he set about creating this. In part he based the module on his experience with other document management systems he used while working as a researcher. His module, Document Exchange, was an instant success and has since become the premier document management solution for DotNetNuke. In 2004 he created Bring2mind as a vehicle for the module and is one of the few successful businesses solely based on a DotNetNuke product.

Contact Info

Please note we are located in Europe. Business hours are weekdays between 9 AM and 6 PM local time (Central European Time) which corresponds to 3 AM and noon EST.

© 2024 Bring2mind Terms Of Use Privacy Statement