How to create a secure podcast channel for internal podcasting


One of the things which are pretty crucial when you do internal podcasting and deal with sensitive information is the security level you implement in order to protect the sensitive information from unwanted eyes. In the early days when we implemented one of our first podcast series for a pharma company we were shocked to realize that all podcasts showed up in regular podcatch sites such as Odeo. Especially embarassing when Corporate Communications found out about it. Not good.

We learned a lot since. However, most knowledge we learned from trial and error. Surprisingly not a lot can be found on the internet about the process involved. Sure, there are many podcast hosting sites where you can upload your podcast, create a feed and submit it to iTunes. But when you do internal podcasting that is exactly what you do not want to do. Remember, when you use internal podcasting for business purposes two things are important:

1) You do not want your podcast to be found by the Googles in this world
2) You want to password protect your content

In addition, podcasters should in general consider the following as well:

3) You want to be flexible in your decision which hosting service you use
4) You do not want your feed to change since that will result in losing listeners

Regular podcast hosting services are aimed at obtaining an audience as large as possible, and create buzz wherever possible. Internal podcasting wants to stay below the radar, only accessable to selected members.

A few hosting companies have specialized themselves in this area. But not a lot. We have been using Podkive from Genetic Hosting for a while which provides easy creation of the feed through a simple web interface. However, lately they have been having some problems with their uptime, so I decided it was time to investigate other possibilities.

After half a day I think I have figured it out. It does require some logic thinking and I have to admit, it’s not for the technofobes. But it works. Until somebody comes up with an easy point and click system this is what we’ll be using. Let’s have a look.

The ten steps of creating a secure podcast channel:

  1. Take an account with a reliable hosting service which offers password protected directories. I’m not providing any ‘reliable hosting service-lists’ since you can find these plenty on the internet. Make sure that you have sufficient storage and bandwidth.
  2. In your home directory, create two folders: one for the files (video/audio) and one for the XML file.
  3. Password protect the folder with the files. Do not password protect the folder with the XML file.
  4. Upload your content via FTP to your files directory.
  5. Fire up your feed creation software. I use Feeder for that (Mac only, I’m sure Windows has similar programs too). Create your feed. This may require some setting and filling in the right paths where to find the content.
  6. Upload your XML feed via the software to the unprotected folder in your host directory.
  7. Check if your feed works. Copy and paste the feed address in your browser. If all went OK you should get a pop-up window asking for your username/password when you want to access the content.
  8. Now it’s time to make sure you will have the same feed till the end of days. Go to and burn your just created feed into a Feedburner feed.
  9. Take this feedburner feed (starting with[feedname] and check if it works in your browser. Again you should see a pop-up window asking for your username/password. Fill in your credentials. You should be able to see your content
  10. Copy and paste the Feedburner feed into iTunes (Menu Advanced/Subscribe to podcast…). Hit OK. Fill in your username/password and off you go (remember to check ‘Remember Password’)

Because the folder with your content is password protected, Google spiders can not enter and hence can not find your data. If somebody finds the original path (which is difficult since it goes through Feedburner) they still can’t access your files without udername/password. If you want to change hosting services you just link a new feed to your Feedburner feed. End users won’t see the difference.

We think this is a nifty way of creating a secured channel. Is it 100% secure? Most probably not. Die-hard hackers will be able to hack into everything. And remember: the chain is as strong as the weakest link. Change username/password regularly, especially when people leave the company. And of course the morst important tip of the day: Don’t use sensitive information in your podcasts. We use no absolute figures when we talk about sales developments, only percentages. Treat this digital communication channel as any other. Cautiously.

12 Responses to How to create a secure podcast channel for internal podcasting

  1. Interesting article. I’ll have a try at this.

    Do you think this setup would work if you have your Site and Feed hosted in one place (on a web hosting account) and the actual media files in another place (LibSyn for example) ?



  2. Pingback: Podcast Submit | Secure Podcasts | Podcast Marketing | Podcast Submission | Podcast Syndication

  3. Erik says:

    @Stefaan: If you look at safety I would be careful with Libsyn. My podcasts showed up in Google and other podcast aggregators when I used Libsyn (great service by the way, but not secure). If you place your site and feed on a seperate site they still may be able to find your media. Most importantly, if someone knows the url of the libsyn files (e.g. people can forward this url and have access to the media. This would not be the case if the media is protected.

  4. Hm, you have a point there Erik, never thought of it in that way. The would indeed need to find you username and the correct file name for that.

    I’ll have to try something different, still want to keep using LibSyn for my hobby podcast though. No way I could affored 500 downloads for each 30 minute video every month. Would cost me a fortune in Badwidth 🙂



  5. Erik says:

    Does your hobby podcast need to be secure? I agree Libsyn is a great concept: not pay more for bandwidth…

  6. Philip says:

    This is good for one username/password. What about 1000s? I want to create podcasts that are username/password protected, but that information is in a database.

    Any thoughts?

  7. Erik says:

    You need an entire platform for that. The one I know is Podkive but like I wrote, they do have their issues. I do not know any other solution currently.

  8. This is an interesting article and I like the focus on securing directories. What I like about this solution is it provides the technical know-how for people who want externally hosted solutions.

    While I was reading I was thinking of another option.

    Perhaps another solution might be to host the files internally on an internal networked file server that is web-enabled. The downside of this solution is the internal network traffic if everyone downloads the file at the same time, however a large positive upside is that the files are not hosted externally anywhere.

  9. digiredo says:

    @James Your assumption is correct. The most safest thing to do is hosting it internally. However, you then have to deal with corporate IT, and in my experience they are usually not so forward thinking. Moreover, they don’t like the extra bandwidth.

  10. Squatter says:

    anyone here happen to know how to password protect a Podcast Library hosted by Podcast Producer 2 on Snow Leopard Server (10.6)? it doesn’t seem to be protected by default and has the same issues you speak about here.

  11. joshnicholls_ says:

    I followed the directions and got it to work in the browser. When I put the uploaded feed into an RSS reader in Chrome it pulls up the files and prompts me for a username and password to access the file and listen to it. The challenge I have now is that no matter what I do I can’t get it to work on mobile.

    My primary podcast app is Overcast (I’ve tried on the native app Podcast app too) and I tried the trick of sending the username and password in the URL upon setup. Here is my example

    It pulls in the data from the XML file but it doesn’t appear to even try to pull the audio file. Could I have missed a step somewhere? Any coaching or guidance would be wonderful.

  12. BDD says:

    I know that I am posting about 8 years later, but much has not changed in hosting your own password protected podcast. No site really allows it, Podbean does but that is 100$/m. If you use WordPress you might get some luck with a plugin. There is a plugin in called Digital Acces pass but again it does cost $$$$.

    I tried the above trick above AND IT WORKED!!! Thanks

    The only issue is it does not work on most apps. (this is the reason that most hosting sites dont offer this service) I found that it works on the following apps,
    – Android: Podcast Addict and PodKicker.
    – on iOS: Rss Radio (you have buy the pro version) and the native iOS podcast app some times work sometimes it does not.
    – PC: it works with iTunes,
    I found that the Windows 10 app called Grover Podcast will only work if the RSS file is in the password protected file.

Leave a Reply to Erik Cancel reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: