I would like to provide extended RSS content (extended with unmoderated comments, for example) to premium users (moderators).
Would it be possible to somehow authenticate readers of feeds other than attaching a personal token string to the RSS URL?
Granted, this way a curious person only needs to steal an RSS link like this (much like one could steal a session id), but a password could be acquired just as easily, right?
How could I make this a bit more secure especially against PEBKAC issues?
Would you consider this an idea worth pursuing or should I just discard it and find some alternative? Could you suggest such an alternative?
You can use http authentication, like this java example.
It, and your url idea, are in the open, so https is needed to prevent user/pass/session theft.
You would then also need user and session code, and password recovery code. You could try advertising before doing the work. Create a link, “Click here to pay X dollars for premium rss”, and see if anyone uses it. I think there was a stack overflow podcast that mentioned this, anyone remember which one?