- This topic has 3 replies, 2 voices, and was last updated 1 week ago by
.
- Posts
Hello,
I was just looking at the contents of a .ical calendar file which are used to sync calendars and noticed that it contained the name of the booking (SUMMARY:)
This information is obtained via a query string, so it is very simple to get .ICAL data from a site running the Hotel Booking plugin, just by brute force guessing the accommodation_id. In my opinion it would be nice to use a large random character string instead (±25). Any thoughts about this?Hi Stephan,
Thank you for your question. actually there is no private information delivered in the iCal file generated by our plugin – just dates and status to block the dates and avoid overbookings.
Anyway we’ll keep your request in mind and we’ll review link security. Thanks you for your time and feedback.best regards,
JohnWe also have a concern about the publicly available iCal or ics files.
If anyone guesses the URL of the iCal ‘Download Calendar’ file they will have access to all our reservation information. I realize this doesn’t contain sensitive data, but still this is something we would like to keep private.
Do you have any suggestions for securing the iCal/ics files?
Hi Kirstie,
There is no such option at the moment. I’ve added your upvote to the task. We will notify you if we have any news. Thanks.
- You must be logged in to reply to this topic.