diff --git a/checkin_notes b/checkin_notes
index 858b94b227..9cfdd9e12d 100644
--- a/checkin_notes
+++ b/checkin_notes
@@ -6736,3 +6736,9 @@ David 21 Sept 2010
 notices.php
 client/
 cs_notice.cpp,h
+
+David 22 Sept 2010
+ - web: authenticate notices request
+
+ html/user/
+ notices.php
diff --git a/doc/rss_main.php b/doc/rss_main.php
index 10b179cdf8..1d9bcf013b 100644
--- a/doc/rss_main.php
+++ b/doc/rss_main.php
@@ -25,5 +25,5 @@ if (!$forum) { exit; }
-forum_rss($forum->id, 0, 0, 1, 9999);
+forum_rss($forum->id, 0, 0, 1, 14);
 ?>
diff --git a/html/user/notices.php b/html/user/notices.php
index bb0ac9d469..60313eb656 100644
--- a/html/user/notices.php
+++ b/html/user/notices.php
@@ -58,7 +58,14 @@ if (!$since_time) {
 $user = BoincUser::lookup_id($userid);
 if (!$user) xml_error();
-if (notify_rss_auth($user) != $auth) xml_error();
+
+// the auth in the URL includes "userid_"
+//
+
+$x = $user->id."_".notify_rss_auth($user);
+if ($x != $auth) {
+ xml_error(-155, 'Invalid authenticator');
+}
 $since_clause = "and create_time > $since_time";
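Review bot: In doc/rss_main.php the last argument of `forum_rss($forum->id, 0, 0, 1, 14)` drops from 9999 to 14 without a comment, and the four trailing positional literals give no hint of their meaning or unit. A one-line comment on the call, such as `// 14 = <what the last forum_rss() argument bounds, with its unit>`, would make the new cap reviewable. The change is also absent from the checkin_notes entry added in this commit, which lists only html/user/notices.php.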
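Review bot: In html/user/notices.php the new check `if ($x != $auth) {` compares a secret authenticator with a loose, non-constant-time operator; `if (!hash_equals($x, (string)$auth)) {` takes the same time wherever the strings first differ and rules out type juggling. The failure path now returns `xml_error(-155, 'Invalid authenticator')` while the unknown-user path just above still calls bare `xml_error()`, so if the two produce different responses a caller can tell an existing user id from a missing one; returning the same error for both keeps them indistinguishable. `$x` would read better as `$expected_auth`, the empty `//` line can go, and the literal -155 deserves a named constant if one is in scope. The script continues outside the hunk, so how `$auth`, `$userid` and `$since_time` are parsed, and whether `xml_error()` terminates the request, cannot be confirmed from here.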