Calendar security concern

Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
  • #710643
    Stephan van der Klei


    I was just looking at the contents of a .ical calendar file which are used to sync calendars and noticed that it contained the name of the booking (SUMMARY:)
    This information is obtained via a query string, so it is very simple to get .ICAL data from a site running the Hotel Booking plugin, just by brute force guessing the accommodation_id. In my opinion it would be nice to use a large random character string instead (±25). Any thoughts about this?

    J. Davis

    Hi Stephan,

    Thank you for your question. actually there is no private information delivered in the iCal file generated by our plugin – just dates and status to block the dates and avoid overbookings.
    Anyway we’ll keep your request in mind and we’ll review link security. Thanks you for your time and feedback.

    best regards,

Viewing 2 posts - 1 through 2 (of 2 total)
  • You must be logged in to reply to this topic.