Hacker News new | past | comments | ask | show | jobs | submit login

Just a hard to guess one. Like using UUID or things.



I'd be way more comfortable with a VPN or some kind of access-gating for a personal calendar compared to just exposing it on the web and relying on obscurity..


Web calendars don't offer authentication. You have to build it into the URL anyway. If a service I use -- let's say my bank's chequing account, wants to offer a calendar I can subscribe to, I'll be given a URL that looks like https://somebank.com/api/cal?token=abc12345. Anyone who knows that URL can see the calendar as well. No different than my own web app where the URL is https://mysite.com/dev/cal_abc12345.ics.

For a personal calendar, I see no reason to make it any more secure than an obscure URL.




Consider applying for YC's Summer 2025 batch! Applications are open till May 13

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: