Premium Feed Best Practices

As I've been pruning my podcast bonsai tree, I've been reminded that the premium Bald Move feeds use username and password credentials which are stored as plaintext in the subscription URL. Although I personally use separate passwords for all sites, this is still a vulnerability as the credentials are sent via HTTP. Since personal security hygiene is still not a common practice among the masses, there are surely dozens or hundreds of multi-use username and password combinations sitting on servers for the various pod catchers. Anytime a subscriber's device refreshes its feeds, these credentials are passed unencrypted via HTTP according to the subscription tool.

I'd like to float the idea of using token-based authentication for the feeds. In addition to mitigating the URL vulnerability, tokenized URLs might also simplify some of the issues with Pocket Casts, which I use. The new feeds should also utilize HTTPS as an added layer of protection. I see HTTPS is already supported for apps that prompt for username and password.

As an example, Slate Plus offers token-based URLs for their feeds:
http://www.slate.com/articles/slate_plus/slate_plus/2014/03/your_slate_plus_podcast_link.html

The internet is not a friendly place. If you guys can find the time to secure the feeds, it would likely prevent fallout from a security breach down the road. This will only become a growing concern as the Bald Move empire expands. Thanks for your consideration.
voodooratjthodges
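
The token-based feed URLs suggested in the post above, sketched as an added example that is not part of the original thread or the site's own code. The host name, path layout and the `FeedTokenStore` class are assumptions made for illustration.

```python
import hashlib
import secrets

# Hypothetical HTTPS endpoint for illustration; not the site's real feed host.
FEED_BASE = "https://feeds.example.com/premium"


class FeedTokenStore:
    """In-memory stand-in for a table mapping token digests to subscribers."""

    def __init__(self):
        self._by_digest = {}

    @staticmethod
    def _digest(token):
        # Only the SHA-256 digest is stored, so a leaked table yields no usable URLs.
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, subscriber_id):
        """Return a feed URL carrying a random token unrelated to the account password."""
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._by_digest[self._digest(token)] = subscriber_id
        return f"{FEED_BASE}/{token}/feed.xml"

    def authenticate(self, url):
        """Return the subscriber id for a feed URL, or None if it must be rejected."""
        prefix = FEED_BASE + "/"
        if not url.startswith(prefix):  # also rejects plain http:// requests
            return None
        parts = url[len(prefix):].split("/")
        if len(parts) != 2 or parts[1] != "feed.xml":
            return None
        # Lookup is by digest of a high-entropy token, so guessing is infeasible.
        return self._by_digest.get(self._digest(parts[0]))

    def revoke(self, subscriber_id):
        """Invalidate a subscriber's tokens (leaked URL, cancelled membership)."""
        stale = [d for d, s in self._by_digest.items() if s == subscriber_id]
        for digest in stale:
            del self._by_digest[digest]
        return len(stale)


if __name__ == "__main__":
    store = FeedTokenStore()
    url = store.issue("subscriber-42")  # constructed sample subscriber id
    print(url, "->", store.authenticate(url))
    store.revoke("subscriber-42")
    print("after revoke ->", store.authenticate(url))
```

A pod catcher that stores this URL holds only a revocable token, so a leak exposes one feed rather than a reusable username and password.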

Comments

  • Agreed. Stuck on this now. Signed up for The Club. Can’t find an iOS caster that works with password protected feeds and Chromecast. 
  • rkcrawf said:
    Agreed. Stuck on this now. Signed up for The Club. Can’t find an iOS caster that works with password protected feeds and Chromecast. 
    Pocketcasts works fine w/ the protected feeds--but I do agree that plaintext credentials isn't great.
  • A_Ron_Hubbard Cincinnati, OH
    Yeah, it certainly isn't ideal.  I'd love to make all of this more secure.  I'll add this to the 2018 list o' things to do.
    historicstork
  • Man, The Waterboy was so good. You can have Billy Madison and Happy Gilmore and the Wedding Singer and all the rest, just leave me with the Waterboy.