Password access - practical advice required please!
RobotDude
Registered Users Posts: 5 Beginner grinner
I'm hoping someone can help me in configuring my SmugMug site in protecting my photos.
I have 20 years of photos uploaded and have identified 5 types of user I which to give access to:
Anyone - no password protected, public folders
Children - password protected, public folders - for access by my children only
Family - password protected, public folders - for access by my family only
Wife - password protected, public folders - for access by my wife only
Me - not password protected, not public folders - for access by me only
I can identify the user access type for each folder, no problem. However, I have found that once the appropriate password has been entered for the folder unless the 'Don't remember password' checkbox is ticked (which is easy to forget to do), the password is remembered for ever on the computer unless the cookie is deleted. And how often do you delete your cookies and do you know how to do this?
This means that on my children's family computer with a common logon, photos I want only my children to see can be seen, after the password has been entered, by anyone using the computer. Family background: my children live with my ex-wife and partner. There are photos I want only my children to see, but not my ex-wife and certainly not her current partner.
My concern also extends to when my children access their photos at a friend's house on their computer. As they will certainly forget to tick the 'Don't remember password' checkbox and as a consequence users of that computer will always be able to view the photos intented for my children only.
These findings, for me, mean that SmugMug is not suitable for my needs. Password access great! But unless they are cleared, useless! I am surprised that passwords are not cleared when the browser is closed down.
Is it me or does the use of passwords have a serious flaw?
I have 20 years of photos uploaded and have identified 5 types of user I which to give access to:
Anyone - no password protected, public folders
Children - password protected, public folders - for access by my children only
Family - password protected, public folders - for access by my family only
Wife - password protected, public folders - for access by my wife only
Me - not password protected, not public folders - for access by me only
I can identify the user access type for each folder, no problem. However, I have found that once the appropriate password has been entered for the folder unless the 'Don't remember password' checkbox is ticked (which is easy to forget to do), the password is remembered for ever on the computer unless the cookie is deleted. And how often do you delete your cookies and do you know how to do this?
This means that on my children's family computer with a common logon, photos I want only my children to see can be seen, after the password has been entered, by anyone using the computer. Family background: my children live with my ex-wife and partner. There are photos I want only my children to see, but not my ex-wife and certainly not her current partner.
My concern also extends to when my children access their photos at a friend's house on their computer. As they will certainly forget to tick the 'Don't remember password' checkbox and as a consequence users of that computer will always be able to view the photos intented for my children only.
These findings, for me, mean that SmugMug is not suitable for my needs. Password access great! But unless they are cleared, useless! I am surprised that passwords are not cleared when the browser is closed down.
Is it me or does the use of passwords have a serious flaw?
0
Comments
Visitors are the same way. They just want to see the photos.
I think your situation is bit unique. Please remember that when photos are viewed, they are cached by the browser. That means that if your childrens guardians are checking the cache, or using a netnanny type of application it would be very easy to see the photos even if the password was not remembered. Some netnannies will work even if the children clear the cache to hide the photos. So keep that in mind.
We certainly listen to our users. If we get enough requests to change the site behavior, we would consider it.
http://help.smugmug.com
From what you have said and the points about the cache is interesting. I think the bottom line is don't put any images on-line that you would not want viewed by someone else. Therefore SmugMug is not suitable for my family photos which is a shame.
There are several possible solutions on your own computer if you choose to use them.
On our shared computers, we make a Windows login profile for each user, give the parent accounts a password and then tell the computer to return to the login screen after some number of minutes of inactivity. This then gives each user their own entire set of browser cookies, preferences, everything so the issue you refer to does not happen. This is the OS-supported way to handle the situation you refer to.
You could also configure your browser to remove all cookies when you shut it down. Then, when you are done browsing, just remember to close all browser windows.
You could also clear your cookies or just your Smugmug cookies.
If you are using Firefox, you could install a cookie management add-on and configure it so that it does not persistently store cookies from your site. Just shut-down the browser when you're done browsing and all cookies from your site will be gone.
Homepage • Popular
JFriend's javascript customizations • Secrets for getting fast answers on Dgrin
Always include a link to your site when posting a question
That way, your ex-partner would have to know _both_ the URL and the password to get access...
It's still not a perfect solution - the URL would be in the browser history, and the photos may still be cached on the hard-drive.
Scott McPherson
www.fortecinema.com