What are the security implications of making a clientaccesspolicy proxy workaround?
Posted
by Edward Tanguay
on Stack Overflow
See other posts from Stack Overflow
or by Edward Tanguay
Published on 2010-03-20T19:33:40Z
Indexed on
2010/03/20
19:41 UTC
Read the original article
Hit count: 354
I wanted to use a published GoogleDocs document as the datasource of a Silverlight application but ran into clientaccesspolicy issues.
I read many articles like this and this about how difficult it is to get around the clientaccesspolicy issue.
So I wrote this 15-line CURL script and put it on my PHP site and now I can get the text of any GoogleDocs document and any text from any URL into my Silverlight application:
<?php
$url = filter_input(INPUT_GET, 'url',FILTER_SANITIZE_STRING);
$user_agent = 'Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)';
$ch = curl_init();
curl_setopt($ch, CURLOPT_COOKIEJAR, "/tmp/cookie");
curl_setopt($ch, CURLOPT_COOKIEFILE, "/tmp/cookie");
curl_setopt($ch, CURLOPT_URL, $url ); // set url to post to
curl_setopt($ch, CURLOPT_FAILONERROR, 1); // Fail on errors
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0); // allow redirects
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1); // return into a variable
curl_setopt($ch, CURLOPT_TIMEOUT, 15);
curl_setopt($ch, CURLOPT_USERAGENT, $user_agent);
curl_setopt($ch, CURLOPT_VERBOSE, 0);
echo curl_exec($ch);
?>
So it makes me wonder:
- Why is there so much discussion about whether or not URLs support clientaccesspolicy or not, since you just have to write a simple proxy script and get the information through it?
- Why aren't there services, e.g. like the URL shortening services, which supply this functionality?
- What are the security implications of having a script like this?
© Stack Overflow or respective owner