NationStates Jolt Archive


RSS

05-01-2004, 10:25
It would be nice to have a RSS feed for issues and telegrams for your country. This way, my aggregator could alert me whenever there are new issues or telegrams. Is this possible?

More on RSS here (http://www.xml.com/pub/a/2002/12/18/dive-into-xml.html)
Phoebos
05-01-2004, 19:13
I've wanted this for a while now... would be extremely useful for building apps to integrate with NS.

Not sure whether this has great potential for issues, but would be *very* useful for telegrams.

Any chance of it happening?
SalusaSecondus
06-01-2004, 00:57
SalusaSecondus
06-01-2004, 00:59
I really like this idea. The biggest problem that I see is security.

We need to ensure that only the player can read the telegrams. However, all data must be sent through a GET, and thus is easily stolen.

Thus, we must prevent other users from stealing the telegrams, and contain the damage so that if a malicious user gains access to the data feed, he cannot then use it to hack the nation.

I do have an idea (that I will outline later), but am interested first in hearing what other people have to say.

http://www.weirdozone.0catch.com/projects/nationstates/salusasecondus/salusasecondus2.jpg
SalusaSecondus
Tech Modling
Phoebos
06-01-2004, 02:56
Hmm... security is the big issue, I suppose. I can think of a number of ways around this, but all have the drawback of making it less accessable to a standard RSS aggregator.

Assuming that a standard aggregator allows us only to specify the URL of the feed to access, we really need a way to obscure the user details from the URL. Only way I can really think of doing this is to revert somewhat to the PIN system, and have a web page that will generate a random string that acts as the key to the feed. This removes the ability for people to work backwards from the feed to the main site. However, it leaves the problem that somebody could obtain the url and get telegram access.

As of yet, the only way I can think of avoiding this would be to include a hash of the IP in the PIN, and then simply execute a script that checks it against the computer trying to view the feed. Problem is, this would play havok with AOLers and others who don't have generally static IPs.

Of course, for the purposes I want to use such a feed for, this wouldn't be a problem, as I can simply POST the data to the server. It's getting personalised RSS feeds that's the problem. Hence, the other way is to build a specific app to get the news feed, but I can't see this being popular.
SalusaSecondus
06-01-2004, 03:04
Glad to see that someone else has the same strategies as me. I was thinking about generating a key as a random int 1 - 1,000,000 which would serve as the password to get telegrams. However, on the telegrams page would be an option to generate a new on (if you feel that it has been compromised).

Example
[code:1:2a55055dfb]http://www.nationstates.net/cgi-bin/telegram.rss?nation=salusasecondus&pin=902752[/code:1:2a55055dfb]
Goobergunchia
06-01-2004, 03:13
Glad to see that someone else has the same strategies as me. I was thinking about generating a key as a random int 1 - 1,000,000 which would serve as the password to get telegrams. However, on the telegrams page would be an option to generate a new on (if you feel that it has been compromised).

Example
[code:1:a06732935b]http://www.nationstates.net/cgi-bin/telegram.rss?nation=salusasecondus&pin=902752[/code:1:a06732935b]

Reminds me of the old days when I first started when all of the URLs had these PIN numbers in them. That was version 1.4, the pre-cookie era. *shudders*
06-01-2004, 14:14
I think using some sort of hash or pin would work really well. The RSS feed could include a lot of things, from outstanding issues and telegrams to UN resolutions and how many votes there are right now.
Phoebos
08-01-2004, 18:37
So is this going to get added to the 'to-do' list?
Goobergunchia
08-01-2004, 22:27
Is this related to today's URL change?

Old: http://www.nationstates.net/cgi-bin/index.cgi/page=display_nation

New: http://www.nationstates.net/cgi-bin/index.cgi/*****/page=display_nation

where the ***** represents a 5 digit number which I'm withholding because it's probably like those blasted PIN numbers of version 1.4.
Topnotch Toast
09-01-2004, 01:45
Topnotch Toast
09-01-2004, 01:46
Another thing you could do is have a cgi file that you can just send post data too... which sould be a good alternitive to having a PIN number straight in the URL. That would make security a bit better...

-Toast
SalusaSecondus
09-01-2004, 01:56
Goob, No one told me this was happening!

Sheesh. Actually, it's similar to your pin, but that's it. If I am correct, it is not sufficient by itself to hack your nation, but it does add to security.

Hmm, well, it just looks like an extension of security that I put in a while ago. I like it.


Toast, though that would be better, I believe that many systems that use RSS expect just a URL.
Unfree People
09-01-2004, 03:29
Those link changes really confused the heck out of me. Just to clarify; if we accidentally give out one of these links with this number in it, it's OK? That in itself is not suffencient to hack into our nations?
Phoebos
09-01-2004, 17:41
As far as I can tell, no. I sent a link out to a friend of mine with the number in and asked if it logged him in as me, and he confirmed that it didn't. Although the link I sent was for an unimportant puppet, just in case...
SalusaSecondus
09-01-2004, 19:02
I was wrong, those numbers are there to help prevent caching of pages. That's been a recurrent problem for many players (especially those with proxies).