Blog homeI have written about the Opodo EscapeMap system a couple of times before - both times positively. In essence it is a Google map based system for geographically navigating special offers. It is actually quite nice and I expect is working fairly well for them.
Previous posts: Comparing the Travelocity ExperienceFinder, Opodo EscapeMap and various solutions from Expedia and back in August when they first launched.
Special offer API
In my last coverage I mentioned that Opodo, one of Europe’s largest online travel agencies, managed to leave a nice API open letting anyone come and “collect” Opodo’s special offer data - all nicely formatted in XML. Not a major sin - but I would have made the API a little more secure from simple viewing using a combination of JavaScript obfuscation and XML encryption (and a daily changing key). This wouldn’t be foolproof, but it would stop people like me from messing around.
Example XML response (works best in Firefox, but go view source in IE if you get an error page)
Why is this data exposure wrong?
A competitor could take advantage of this data freely given by Opodo - by incorporating that data into their own revenue management system - so competitors can see how their offers compare to Opodo’s and adjust their own offers in response. This kind of data is gold dust. You could easily look out for the latest change in Opodo special offers and immediately react with your own offers to the destinations they are pushing that week….
As I know that various people from Opodo have read that post I am surprised that they have not changed their system yet (they have had 4 months). Maybe they don’t realise what competitors get up to with this kind of data! Maybe it was just PR people who read the post!
What now?
I was searching for Opodo EscapeMap via Google and I noticed something a little odd:
Yep - if you search as above - what you get is now a nice error message coming up in the Google results.
A couple of points about this:
- There should be a robots.txt file on http://escapemap.opodo.co.uk - that would sort Google out within a few days
- The PHP server(s) running Escape Map should have their error messages turned off. At the moment the messages are going to the end user - which is really bad (it is a simple configuration switch on the web server!)
- One reason exposing PHP errors is bad is because you can see where the error line is. It is in a file called getMapSearch.php - which is an incorrectly located include file. Include files really need to be out of the webserver public space - otherwise, if you accidentally misconfigure your server (like Facebook did in August this year), you can expose your core, proprietary, code (or things like database passwords etc). Opodo could also try using pre-compiled (encoded) PHP…. which absolutely stops code leaks in situations like server mis-configurations
- This is really not very good for search engine optimisation - knowing how much companies like Opodo spend on SEO and online marketing - I am amazed that no one is picking up on this.
I am not trying to pick on Opodo specifically however these kinds of examples can really show us all how important good quality control is. People in marketing and web development teams need to understand each others jobs - and what kind of things to look out for when putting new functionality live.
These kinds of problems didn’t happen in the “old days” (I am a bit young to reminisce) - when a site of this size would be run be a small team of people - all with good all round experience. Now when you have hundreds of people responsible for a website - everyone only works in their own section - and never gets the full picture - and may never have actually worked in other areas.
For example, the person responsible for revenue management within Opodo is probably really happy that users can now navigate special offers easily. However they are probably scratching their heads wondering how competitors are reacting so quickly to their new offers!
If you want to be notified next time something is published sign up for email alerts or subscribe to the RSS feed. Thank you for reading!
on your comment on revenue management, most OTA’s conduct extensive price checking using other systems and probably would not find this XMl that useful. Smaller providers may find it useful, but the question is whether they are actually in the same league as Opodo.
The PHP error looks bad… as for seo, as the site uses Ajax it would not lend itself to SEO anyway…
P
OK - those are great points. Thank you.
The offers feed though would give an insight as to what kind of offers the Opodo commercial people are thinking of creating (which is not the same as the conventional price comparison) - and some of these offers may only be available onsite (and therefore not distributed to 3rd party price checking mechanisms)
I have my doubts overall about the Opodo website - I used to use them a lot but since they have “upgraded” the site using AJAX to “help” with choosing destinations then I get a lot of “System Error” messages.
I let them know but their wonderful Customer Suport people didn’t even understand the issue and said that it was because the flight I was looking for was full!!! They seem to be oblivious of the fact that it’s their own system throwing system errors. Their own front line people don’t even know the system and I wonder how much user feedback actually gets back to their backoffice IT people.
It worked much better when it was kept simple - maybe a lesson for all of us there!
Paul.