Avoid Use Of FeedBurner "Password Protector"

Some Google products contain features that have limited usefulness, when applied to Blogger blogs.

FeedBurner has a feature, "Password Protector", which may be useful, to newsfeed readers that support HTTP authentication. Within FeedBurner, we have the "Email Subscriptions" service - which does not support feed authentication.
Your readers will be required to use newsreader or aggregator software that supports authentication to view your feed.
Some Google, and non Google, services will have a problem, with a FeedBurner protected feed.

Newsfeeds, published by Blogger blogs, are supposed to be publicly accessible.

A blog with designated readers will not produce a newsfeed. Blogger does not support authenticated newsfeeds.

To use Password Protector, look on the FeedBurner dashboard, under the Publicize tab, for "Password Protector". Enter a Username and a Password, and hit "Activate". But don't do this, without knowing the downsides.

Password Protector uses a single username / password combination. All blog readers will use the same username.

FeedBurner warns us of possible problems, caused by this service.





Important: This service prevents our Email Subscriptions service from delivering email updates from your feed, and it will also password protect your feed's content when redisplayed using our Headline Animator graphic. This graphic itself becomes password protected, which is undesirable if you wish to use it to promote your site/feed. Therefore, we recommend not using Headline Animator or Email Subscriptions, and this Password Protector service, with the same feed.

From what I can see, Blogger Reading List may ignore the authentication requirement. People may use Reading List, and view the blog feed, redirected through FeedBurner - even if not authorized.

We know, however, that email subscriptions will not work, with a protected feed. Looking at an HTTP trace of the feed from my test blog http://techdict.nitecruzr.net, we see a symptom of the problem, with this option.

http://techdict.nitecruzr.net/feeds/posts/default

http://www.rexswain.com/cgi-bin/httpview.cgi?url=http://techdict.nitecruzr.net/feeds/posts/default&uag=Mozilla/5.0+(X11%3B+CrOS+armv7l+7834.70.0)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/49.0.2623.112+Safari/537.36&ref=http://www.rexswain.com/httpview.html&aen=&req=GET&ver=1.1&fmt=AUTO

Sending request:

GET /feeds/posts/default HTTP/1.1
Host: techdict.nitecruzr.net
User-Agent: Mozilla/5.0 (X11; CrOS armv7l 7834.70.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36
Referer: http://www.rexswain.com/httpview.html
Connection: close
• Finding host IP address...
• Host IP address = 74.125.28.121

• Finding TCP protocol...
• Binding to local socket...
• Connecting to host...
• Sending request...
• Waiting for response...
Receiving Header:

HTTP/1.1·302·Found(CR)(LF)
ETag:·W/"32e869db-18a9-4ccf-8ad9-dbded29f2b25"(CR)(LF)
Date:·Wed,·27·Apr·2016·15:04:06·GMT(CR)(LF)
Content-Type:·text/html(CR)(LF)
Server:·blogger-renderd(CR)(LF)
Expires:·Wed,·27·Apr·2016·15:04:07·GMT(CR)(LF)

Cache-Control:·public,·must-revalidate,·proxy-revalidate,·max-age=1(CR)(LF)
X-Content-Type-Options:·nosniff(CR)(LF)
X-XSS-Protection:·1;·mode=block(CR)(LF)
Location:·http://feeds.feedburner.com/ChucksTechWorld(CR)(LF)

This appears to be just a redirected blog posts newsfeed, targeting a FeedBurner published feed.

Here, we see a normal redirected blog posts feed.

But what happens, when we try to open the feed?

http://www.rexswain.com/cgi-bin/httpview.cgi?url=http://feeds.feedburner.com/ChucksTechWorld&uag=Mozilla/5.0+(X11%3B+CrOS+armv7l+7834.70.0)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/49.0.2623.112+Safari/537.36&ref=http://www.rexswain.com/httpview.html&aen=&req=GET&ver=1.1&fmt=TXT

Sending request:

GET /ChucksTechWorld HTTP/1.1 HTTP/1.1

Host: feeds.feedburner.com
User-Agent: Mozilla/5.0 (X11; CrOS armv7l 7834.70.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36
Referer: http://www.rexswain.com/httpview.html
Connection: close
• Finding host IP address...
• Host IP address = 172.217.0.14

• Finding TCP protocol...
• Binding to local socket...
• Connecting to host...
• Sending request...
• Waiting for response...
Receiving Header:

HTTP/1.1·401·Unauthorized(CR)(LF)

WWW-Authenticate:·BASIC·realm="FeedBurner·feed·ChucksTechWorld"(CR)(LF)

The "HTTP Viewer" service does not support feed authentication (and only works with "HTTP:" protocol). And, we see the result.

It's possible that this feature will be useful, with feeds that are used outside Blogger (noting the Reading List ability). If you're publishing a Blogger blog, however, you're not likely to get any useful result.



Owners of #Blogger blogs, which use the FeedBurner "Password Protector" service, may find that the service delivers less protection - and some interference - other than the service name suggests. It would probably be best to avoid use of this service.

Comments