What are the security implications of making a clientaccesspolicy proxy workaround?

Posted by Edward Tanguay on Stack Overflow See other posts from Stack Overflow or by Edward Tanguay
Published on 2010-03-20T19:33:40Z Indexed on 2010/03/20 19:41 UTC
Read the original article Hit count: 352

I wanted to use a published GoogleDocs document as the datasource of a Silverlight application but ran into clientaccesspolicy issues.

I read many articles like this and this about how difficult it is to get around the clientaccesspolicy issue.

So I wrote this 15-line CURL script and put it on my PHP site and now I can get the text of any GoogleDocs document and any text from any URL into my Silverlight application:

<?php
$url = filter_input(INPUT_GET, 'url',FILTER_SANITIZE_STRING);
$user_agent = 'Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)';
$ch = curl_init();
curl_setopt($ch, CURLOPT_COOKIEJAR, "/tmp/cookie");
curl_setopt($ch, CURLOPT_COOKIEFILE, "/tmp/cookie");
curl_setopt($ch, CURLOPT_URL, $url ); // set url to post to
curl_setopt($ch, CURLOPT_FAILONERROR, 1); // Fail on errors
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0); // allow redirects
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1); // return into a variable
curl_setopt($ch, CURLOPT_TIMEOUT, 15);
curl_setopt($ch, CURLOPT_USERAGENT, $user_agent);
curl_setopt($ch, CURLOPT_VERBOSE, 0);
echo curl_exec($ch);
?>

So it makes me wonder:

  • Why is there so much discussion about whether or not URLs support clientaccesspolicy or not, since you just have to write a simple proxy script and get the information through it?
  • Why aren't there services, e.g. like the URL shortening services, which supply this functionality?
  • What are the security implications of having a script like this?

© Stack Overflow or respective owner

Related posts about clientaccesspolicy.xml

Related posts about Silverlight