Photo security and the share button

tfboy Registered Users Posts: 74 Big grins
edited July 11, 2009 in SmugMug Support
Apologies if this is resolved elsewhere, I wasn't able to find the answer...

Up till now, I've used CSS to hide the button when not logged in:
.share_button {display: none;}
.loggedIn .share_button {display:block; display:-moz-inline-box; display:inline-block;}

This works as planned; when I'm logged in, I see the share button, when I'm not, I don't :)

However, it does mean that someone who's curious can delete that line of CSS using webdev for example and hey presto, the share button appears.

Now if I go to customise the gallery and disable the share button, of course it never appears. This is more secure, and even if I do a .loggedIn .share_button {display:block !important;} it still doesn't show up.
Problem is, it's still hidden even when I'm logged in.

So in short, there's no way of having a share button for admins and not having it for visitors in a way that's safe and secure. Seems a bit of a shortcoming.

In my opinion, I'd still want to see the share button appear when logged in, and use the easy share on/off in gallery customisation to toggle whether it appears for visitors or not.

Should I put this in as a feature request or is there a secure way of having share button appear when logged on and hidden when visitors are viewing?

Comments

  • Andy Registered Users Posts: 50,016 Major grins
    edited July 11, 2009
    tfboy wrote:
    Should I put this in as a feature request or is there a secure way of having share button appear when logged on and hidden when visitors are viewing?
    No, because it's just not possible: if you have external links allowed, anyone can construct a URL that will share the photo. For security, use watermarks, block right-click, block external links, and block larger sizes.

    The share button just makes this easier, that's all.
  • tfboy Registered Users Posts: 74 Big grins
    edited July 11, 2009
    Andy wrote:
    No, because it's just not possible: if you have external links allowed, anyone can construct a URL that will share the photo. For security, use watermarks, block right-click, block external links, and block larger sizes.

    The share button just makes this easier, that's all.
    I understand that if you disable java, it renders rightclick protect useless and anyone can then get the url for the photo.
    I'd just have thought that the easyshare option if set to "no" would still be worthwhile displayed when logged in.
    In a nutshell, whether you're logged in or not doesn't disable any of the features, right click protect still works, just like hiding the share button still is hidden.
    Never mind, just hopeful thinking on my side :D
  • denisegoldberg Administrators Posts: 14,408 moderator
    edited July 11, 2009
    tfboy wrote:
    ...right click protect still works,
    Right click protect only gives the illusion of protecting your image.

    See http://blogs.smugmug.com/pros/2008/07/04/right-click-protection-and-image-security/.

    --- Denise
  • Andy Registered Users Posts: 50,016 Major grins
    edited July 11, 2009
    tfboy wrote:
    I understand that if you disable java, it renders rightclick protect useless and anyone can then get the url for the photo.
    I'd just have thought that the easyshare option if set to "no" would still be worthwhile displayed when logged in.
    In a nutshell, whether you're logged in or not doesn't disable any of the features, right click protect still works, just like hiding the share button still is hidden.
    Never mind, just hopeful thinking on my side :D
    It's not Java, it's JavaScript, and Denise is right on the money. That's why you should use all the features available.
  • jfriend Registered Users Posts: 8,097 Major grins
    edited July 11, 2009
    tfboy wrote:
    I understand that if you disable java, it renders rightclick protect useless and anyone can then get the url for the photo.
    I'd just have thought that the easyshare option if set to "no" would still be worthwhile displayed when logged in.
    In a nutshell, whether you're logged in or not doesn't disable any of the features, right click protect still works, just like hiding the share button still is hidden.
    Never mind, just hopeful thinking on my side :D
    Actually, disabling JavaScript does not defeat right-click protection. It stops the warning message from popping up, but a right-click still does not end up with the image (it ends up saving a blank GIF).

    In any case, I agree with Denise and Andy. Right-click protection can be bypassed in seconds by anyone who understands how URLs are constructed on SmugMug (which takes minutes to learn), so it is only a mild deterrent at best and is not real security. Real security comes from limiting the max display size and from passwords or appropriately done watermarks.

    The Share button is merely a shortcut to construct a direct URL to an image, but anyone can do it manually so hiding the Share button is not providing any security either (it's just removing the easiest way). Hiding the Share button is analogous to removing the walkway to your front door. It makes it slightly less obvious where the front door is, but if someone sees the front door and it's not locked, they can still come right in even though you removed the walkway. If you want security, you have to lock the door.
    --John
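The distinction the thread arrives at, as an added example that is not part of any post and is not SmugMug code: hiding the button with CSS still ships the markup to every visitor, a server-side decision ships nothing to unhide, and neither matters unless the direct link itself is authorized. All function names and the `easyShare`, `externalLinks` and `ownerId` fields are hypothetical, and the sample data is constructed.

```javascript
// Added illustration; every name here is hypothetical, not SmugMug code.
const SHARE_LINK = '<a class="share_button" href="/share">Share</a>';

const isOwner = (session, gallery) =>
  Boolean(session && session.loggedIn && session.userId === gallery.ownerId);

// Approach from the first post: the markup always ships; CSS decides visibility.
function renderCssHidden(session, gallery) {
  const cls = isOwner(session, gallery) ? 'loggedIn' : '';
  return '<style>.share_button{display:none}' +
    '.loggedIn .share_button{display:inline-block}</style>' +
    `<body class="${cls}">${SHARE_LINK}</body>`;
}

// Requested behaviour: the owner always gets the button, visitors only if the
// gallery toggle allows it. Decided on the server, so there is nothing to unhide.
function renderServerSide(session, gallery) {
  const show = isOwner(session, gallery) || gallery.easyShare;
  return `<body>${show ? SHARE_LINK : ''}</body>`;
}

// The "lock on the door": the direct link is authorized on its own,
// regardless of whether any button was rendered.
function directLinkStatus(session, gallery) {
  if (isOwner(session, gallery) || gallery.externalLinks) return 200;
  return 403;
}

// Constructed sample data.
const owner = { loggedIn: true, userId: 'u1' };
const visitor = { loggedIn: false };
const gallery = { ownerId: 'u1', easyShare: false, externalLinks: true };

console.log('CSS-hidden page still contains button markup for visitor:',
  renderCssHidden(visitor, gallery).includes(SHARE_LINK));
console.log('Server-side page contains button markup for visitor:',
  renderServerSide(visitor, gallery).includes(SHARE_LINK));
console.log('Server-side page contains button markup for owner:',
  renderServerSide(owner, gallery).includes(SHARE_LINK));
console.log('Visitor direct link, external links allowed:',
  directLinkStatus(visitor, gallery));
console.log('Visitor direct link, external links blocked:',
  directLinkStatus(visitor, { ...gallery, externalLinks: false }));
```
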