simonbengtsson / eventcal

Filter to only include attending and maybe facebook events in ical and google calendar
http://eventcal.flown.io
MIT License
211 stars 8 forks source link

Restrict to Facebook's calendar URLs #3

Closed mems closed 8 years ago

mems commented 8 years ago

Protect this script to be used as a web proxy http://eventcal.flown.io/?calendar=http%3A%2F%2Fgoogle.com

simonbengtsson commented 8 years ago

Looks like a good idea! Updated the site with these changes now.

simonbengtsson commented 8 years ago

This tickled my curiosity somewhat... Are there any security risks as it were before? Or just that the service might be used for things it was not intended for?

mems commented 8 years ago

An open proxy could be used to abuse to remote servers (spamming, vandalism) or access to illegal content, but hidden behind your server. https://en.wikipedia.org/wiki/Open_proxy#Disadvantages https://www.internet2.edu/presentations/spring03/20030409-OpenProxy-StSauver.pdf#p=56 eventcal is not a HTTP proxy: only GET without header requests are allowed. It's still a risk.

simonbengtsson commented 8 years ago

Make sense! Thanks for the info.