This topic contains 3 replies, has 3 voices, and was last updated by 
-
Posts
-
I just realized that the most recently booked appointment is saved on my site’s server as an ICS file, with the service, date, time, and client’s name, email address and phone number.
It’s found at [domain]/wp-content/uploads/bp-scheduler/appointment1on1.ics
This has to be a pretty big privacy concern. Has it been addressed at all?
The ics file can be disabled. Please submit a ticket if you want to disable it.
Jennifer,
Thats not the answer.
The answer is to have it such that this file can not be accessed by anyone else.
Either by randomizing name, auto delete once attached to email, never storing the file etc
Just going through the forums here, I’ve been able to find 9 .ics files with personal information on others’ sites. I’ve emailed the sites I found the files on and linked them to this thread.
Here’s an edited example of one I found:
DESCRIPTION:APPOINTMENT DETAILS\nWhat: 60 Minutes \nWhen: December 14\, 201
6 2:30 pm \nWhere: **** Baker St. – Suite #2\, Nelson\, BC \n\nCLIENT DETAI
LS\nContact: S****** M****** \nEmail: s******@*******.com \nPhone: 403***
**** \nNotes:Someone with better chops and knowledge of a snippet of unique code that Birchpress uses could theoretically find every single one of these publicly accessible files and get a ton of private information from them.
The forum ‘BirchPress Scheduler’ is closed to new topics and replies.