http://127.0.0.1:8080/blog/taxonomy/term/1252/0 en http://127.0.0.1:8080/blog/fun-google-docs-urls <p>I`m not a big user of docs.google.com , but occasionally I use it sharing a public document to work on with friends or collegues.</p> <p>So we have this spreadsheet we're sharing with some family and friends to swap Disney stickers. Google Docs has the option to publish that document publicly as html for others to view.</p> <p>So I tried , and it generated me a very nice url</p> <p><a href="http://spreadsheets.google.com/pub?key=rtlvf2-JSU1Pw-oPtuIZBPg&amp;output=html&amp;gid=0&amp;single=true&amp;range=A1:C300" title="http://spreadsheets.google.com/pub?key=rtlvf2-JSU1Pw-oPtuIZBPg&amp;output=html&amp;gid=0&amp;single=true&amp;range=A1:C300" rel="nofollow">http://spreadsheets.google.com/pub?key=rtlvf2-JSU1Pw-oPtuIZBPg&amp;output=ht...</a></p> <p>My sleepy eye catched the A1:C300 ending part .. which was generated by the friendly popup that asked me if I wanted to show all Sheets, or just a range of the page.</p> <p>Dare I pasting that URL into another browser and change the range ? Like changing the range from A1:C300 to A1:D300 ?</p> <p>Suprise suprise .. that worked ! I could perfectly see the content of the other cells. </p> <p>Apart from pointing to the Google API the popup doesn't really mention that publishing only a range won't restrict the actual viewing off the other data.</p> <p>I can imagine some less technical savvy people to expect the rest of their data is secure... Well, it obviously it's not !<br /> Not sure if Google does this on purppose, or by accident.</p> <p>If it stops working next week it was by accident :)</p> http://127.0.0.1:8080/blog/fun-google-docs-urls#comments docs.google google googledoocs security url mangling Fri, 15 May 2009 18:16:22 +0000 Kris Buytaert 909 at http://127.0.0.1:8080/blog