RSS full text

We've just launched a beta of our new RSS service. Like most premium subscription content providers I can think of, we offer headlines and summaries only. (In fact compared to some we are generous by giving more than headlines, and making it available as public feeds, although with restricted rights) No sooner do we do this than someone tells me a client is cancelling because we don't provide full-text RSS.

Actually this would be pretty easy to do, technically - just write an HttpModule which handles feed requests over HTTPS, and uses our standard login procedures to authenticate by IP or by username and password (using HTTP plain-text authentication over SSL (HTTPS)). Then for validated users, use a stylesheet to transform our underlying XML data directly into RSS elements (or better, Atom, I suppose, since there's so much HTML).

But the problem isn't really technical, it's just how easy it would be for people to redistribute our data this way. Like all premium content providers, we have some leakage of content, but we tend to regard that as a good thing - it means our name is out there more. Our monitoring suggests that few users abuse this. But RSS makes it so easy to pass on our data, and, worse, to mix it up with other people's. So we need to think hard about this one. I don't think it's an accident that few of our competitors are doing it.

SQL Server 2005 Connection Strings

Gah. Bit of head-beating today, as it takes me a while to figure out that under SQL Server 2005, at least the Express version, you should not include Initial Catalog in the Connection String for a user who cannot read the Master database.

Even if it is a database to which the relevant credentials are OK, the connection will fail with an error "Cannot open database... requested by the login. The login failed."

Instead, you must specify a default database for that user, and omit the Initial Catalog. So in the end the Connection String is pretty much only "Integrated Security=SSPI;Data Source=.\SQLEXPRESS"