Avoid Use Of FeedBurner "Password Protector"

Some Google products contain features that have limited usefulness when applied to Blogger blogs.

FeedBurner has a feature, "Password Protector", which may be useful to newsfeed readers that support HTTP authentication. Within FeedBurner, we have the "Email Subscriptions" service, which does not support feed authentication.
Your readers will be required to use newsreader or aggregator software that supports authentication to view your feed.
Some Google, and non-Google, services will have a problem with a FeedBurner protected feed.

Newsfeeds published by Blogger blogs are supposed to be publicly accessible.

A blog with designated readers will not produce a newsfeed. Blogger does not support authenticated newsfeeds.

To use Password Protector, look on the FeedBurner dashboard, under the Publicize tab, for "Password Protector". Enter a Username and a Password, and hit "Activate". But don't do this without knowing the downsides.

Password Protector uses a single username / password combination. All blog readers will use the same username.

FeedBurner warns us of possible problems caused by this service.





Important: This service prevents our Email Subscriptions service from delivering email updates from your feed, and it will also password protect your feed's content when redisplayed using our Headline Animator graphic. This graphic itself becomes password protected, which is undesirable if you wish to use it to promote your site/feed. Therefore, we recommend not using Headline Animator or Email Subscriptions, and this Password Protector service, with the same feed.

From what I can see, Blogger Reading List may ignore the authentication requirement. People may use Reading List, and view the blog feed, redirected through FeedBurner - even if not authorized.

We know, however, that email subscriptions will not work with a protected feed. Looking at an HTTP trace of the feed from my test blog, http://techdict.nitecruzr.net, we see a symptom of the problem with this option.

http://techdict.nitecruzr.net/feeds/posts/default

http://www.rexswain.com/cgi-bin/httpview.cgi?url=http://techdict.nitecruzr.net/feeds/posts/default&uag=Mozilla/5.0+(X11%3B+CrOS+armv7l+7834.70.0)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/49.0.2623.112+Safari/537.36&ref=http://www.rexswain.com/httpview.html&aen=&req=GET&ver=1.1&fmt=AUTO

Sending request:

GET /feeds/posts/default HTTP/1.1
Host: techdict.nitecruzr.net
User-Agent: Mozilla/5.0 (X11; CrOS armv7l 7834.70.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36
Referer: http://www.rexswain.com/httpview.html
Connection: close
• Finding host IP address...
• Host IP address = 74.125.28.121

• Finding TCP protocol...
• Binding to local socket...
• Connecting to host...
• Sending request...
• Waiting for response...
Receiving Header:

HTTP/1.1·302·Found(CR)(LF)
ETag:·W/"32e869db-18a9-4ccf-8ad9-dbded29f2b25"(CR)(LF)
Date:·Wed,·27·Apr·2016·15:04:06·GMT(CR)(LF)
Content-Type:·text/html(CR)(LF)
Server:·blogger-renderd(CR)(LF)
Expires:·Wed,·27·Apr·2016·15:04:07·GMT(CR)(LF)
Cache-Control:·public,·must-revalidate,·proxy-revalidate,·max-age=1(CR)(LF)
X-Content-Type-Options:·nosniff(CR)(LF)
X-XSS-Protection:·1;·mode=block(CR)(LF)
Location:·http://feeds.feedburner.com/ChucksTechWorld(CR)(LF)

This appears to be just a redirected blog posts newsfeed, targeting a FeedBurner published feed.

Here, we see a normal redirected blog posts feed.

But what happens when we try to open the feed?

http://www.rexswain.com/cgi-bin/httpview.cgi?url=http://feeds.feedburner.com/ChucksTechWorld&uag=Mozilla/5.0+(X11%3B+CrOS+armv7l+7834.70.0)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/49.0.2623.112+Safari/537.36&ref=http://www.rexswain.com/httpview.html&aen=&req=GET&ver=1.1&fmt=TXT

Sending request:

GET /ChucksTechWorld HTTP/1.1 HTTP/1.1
Host: feeds.feedburner.com
User-Agent: Mozilla/5.0 (X11; CrOS armv7l 7834.70.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36
Referer: http://www.rexswain.com/httpview.html
Connection: close
• Finding host IP address...
• Host IP address = 172.217.0.14

• Finding TCP protocol...
• Binding to local socket...
• Connecting to host...
• Sending request...
• Waiting for response...
Receiving Header:

HTTP/1.1·401·Unauthorized(CR)(LF)
WWW-Authenticate:·BASIC·realm="FeedBurner·feed·ChucksTechWorld"(CR)(LF)

The "HTTP Viewer" service does not support feed authentication (and only works with "HTTP:" protocol). And, we see the result.
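The two responses in the trace can be checked mechanically. This added example (not part of the original post, and not Blogger or FeedBurner code) parses the headers shown above, retyped as constructed sample strings, and reports which hop issues the authentication challenge; the function names and finding labels are assumptions made for illustration.

```python
import re

# Constructed sample: the two response headers from the trace above, as raw HTTP text.
BLOGGER_HOP = (
    "HTTP/1.1 302 Found\r\n"
    "Server: blogger-renderd\r\n"
    "Location: http://feeds.feedburner.com/ChucksTechWorld\r\n\r\n"
)
FEEDBURNER_HOP = (
    "HTTP/1.1 401 Unauthorized\r\n"
    'WWW-Authenticate: BASIC realm="FeedBurner feed ChucksTechWorld"\r\n\r\n'
)

def parse_response(raw):
    """Split a raw header block into (status code, lower-cased header dict)."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers

def parse_challenge(value):
    """Return (scheme, realm) from a WWW-Authenticate value; scheme is case-insensitive."""
    scheme, _, params = value.partition(" ")
    m = re.search(r'realm="([^"]*)"', params, re.I)
    return scheme.lower(), m.group(1) if m else None

def audit_chain(start_url, hops):
    """Walk the raw responses in order and report where authentication is enforced."""
    findings, url = [], start_url
    for raw in hops:
        status, headers = parse_response(raw)
        if status in (301, 302, 303, 307, 308) and "location" in headers:
            findings.append((url, "redirect-no-auth"))
            url = headers["location"]
        elif status == 401 and "www-authenticate" in headers:
            scheme, realm = parse_challenge(headers["www-authenticate"])
            findings.append((url, f"auth-required:{scheme}:{realm}"))
            if scheme == "basic" and url.startswith("http://"):
                # Basic credentials are only base64-encoded, so plain HTTP exposes them.
                findings.append((url, "basic-over-cleartext-http"))
        else:
            findings.append((url, f"status-{status}"))
    return findings

if __name__ == "__main__":
    for url, finding in audit_chain(
            "http://techdict.nitecruzr.net/feeds/posts/default",
            [BLOGGER_HOP, FEEDBURNER_HOP]):
        print(url, "->", finding)
```

The output makes the layering visible: the Blogger hop redirects without any challenge, and only the FeedBurner hop demands the single shared Basic credential.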

It's possible that this feature will be useful with feeds that are used outside Blogger (noting the Reading List ability). If you're publishing a Blogger blog, however, you're not likely to get any useful result.



Owners of #Blogger blogs which use the FeedBurner "Password Protector" service may find that the service delivers less protection - and more interference - than the service name suggests. It would probably be best to avoid use of this service.

Comments

Yudi A said…
I have a dilemma... Using blogspot+FeedBurner really helps to auto post blogspot to Twitter, and then from Twitter to Facebook, or any other method to distribute/promote blog posts to any service, etc. The problem is FeedBurner doesn't add any security feature to help combat content scrapers. Using the password protected feature really helps a lot; 90% of content scrapers are unable to steal content as it returns 401. If only I could manage to allow FeedBurner to post to Twitter. Do you know a workaround for this matter? Perhaps from their "socialize" feature setting?


Nice reading btw
Nitecruzr said…
Hi Yudi,

Thanks for the explanation.

Will a content scraper stop when encountering a FeedBurner "password protected" feed?

The original Blogger feed remains unprotected - so what's to stop anybody from creating a second feed using FeedBurner - or simply scraping from the original Blogger feed, with feed redirection blocked?

Note that one does not have to be the blog owner, to make a FeedBurner feed from a blog.

http://blogging.nitecruzr.net/2011/01/make-email-based-feed-from-somebody.html
