iPhone View causing a major security issue
upgradedimages
Registered Users Posts: 4 Beginner grinner
Howdy!!
I've been using SmugMug for a little over five years for my personal photos and created a PRO account earlier this month to host a client-only area for my product photography studio -->
http://clients.upgradedimages.com/
Click the above link on a computer, and you'll see a simple screen that says you need to have the direct gallery link in order to review each client's images. Here's a sample link that I just sent to one of my clients -->
http://clients.upgradedimages.com/Henry-Road/10-14-2009
Again, if you click on the link on a computer, you go straight to the directory, check the images, and life is good. Right?
WELLLLL, if you happen to get the link on an iPhone, you get switched to SmugMug's iPhone mode and are taken to my SmugMug homepage (i.e. the top link in this email), but instead of getting a mini page about how you can't access any galleries without a direct link, YOU GET ACCESS TO EVERY SINGLE GALLERY ON MY SITE.
For those without an iPhone (let me rephrase that... for those who are kind enough to give enough of a crap about this post to still be reading), here's what you see on an iPhone -->
http://upgradedimages.smugmug.com/iphone/#_home
SO, my question here is this. Does anyone have any suggestions for how to keep my client galleries secret to iPhone users without making any radical changes to the non-iPhone site?
Before you answer, let me throw in the following:
1) I don't want to password-protect each gallery 'cause I've had enough experience as an online store owner to know that requiring passwords will cause an entire set of new problems for my clients (not all of whom are computer-savvy -- to put it mildly).
2) Hiding galleries prevents clients from accessing multiple galleries within the same category. e.g. click the Henry Road link above on a computer, and you'll be able to navigate between two galleries for the client without getting access to other categories. Some of my clients have over 100 galleries and can't possibly keep track of each and every direct gallery link.
3) I've already informed help@smugmug.com about the issue and received the following response: "We are looking into adding an option to disable the iPhone mode in the future." I LOVE, LOVE, LOVE the SmugMug support heroes, but I need a fix to this issue yesterday if I'm going to keep this account.
4) So far, the client area only has a dozen or so clients listed, but that's only because it's brand new (just started using it barely two weeks ago). We've got over 500 clients so I need a VERY simple solution to shield my clients from other iPhone-using clients.
I guess that's it. For anyone who has actually read this entire email, THANK YOU. $50 (PayPal) to the first person to give me a reasonable solution.
Ken Greenlee
ken@upgradedimages.com
Comments
Making the galleries unlisted will remove them from the iPhone interface. Creating the sharegroups will allow your clients with multiple galleries to still see them all in one place.
Homepage • Popular
JFriend's javascript customizations • Secrets for getting fast answers on Dgrin
Always include a link to your site when posting a question
Portfolio • Workshops • Facebook • Twitter
Hiding things in your page with CSS or JavaScript is not security or real privacy if that's what you really want. You would use unlisted galleries, sharegroups, gallery passwords or some combination of the three to implement real security or privacy.
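The difference between the two replies above (unlisted galleries plus sharegroups versus hiding the listing in the page) can be modelled in a few lines. This is an added example, not part of the original thread and not SmugMug's code; the data model, function names and the sharegroup key are all hypothetical.

```javascript
// Constructed sample data: a hypothetical gallery catalogue, not SmugMug's real data model.
const galleries = [
  { client: "Henry-Road", name: "10-14-2009", unlisted: false },
  { client: "Henry-Road", name: "10-21-2009", unlisted: false },
  { client: "Acme-Co", name: "11-02-2009", unlisted: false },
];

// Hypothetical sharegroup table: a hard-to-guess key maps to one client's galleries.
const sharegroups = new Map([["constructed-key-henry", "Henry-Road"]]);

// Server side: the listing every interface receives. Only the unlisted flag filters it.
function serverListing(catalogue) {
  return catalogue.filter((g) => !g.unlisted).map((g) => `${g.client}/${g.name}`);
}

// Desktop home page: the owner's page customization hides the listing when rendering.
function desktopHome(listing, customization) {
  return customization.hideListing ? [] : listing;
}

// Alternate (mobile) home page: renders the raw listing and never runs the customization.
function mobileHome(listing) {
  return listing;
}

// Number of galleries a visitor with no direct link can enumerate from each home page.
function exposure(catalogue) {
  const listing = serverListing(catalogue);
  return {
    desktop: desktopHome(listing, { hideListing: true }).length,
    mobile: mobileHome(listing).length,
  };
}

// Sharegroup view: the key holder sees that client's galleries, listed or not.
function sharegroupView(catalogue, key) {
  const client = sharegroups.get(key);
  if (!client) return [];
  return catalogue.filter((g) => g.client === client).map((g) => g.name);
}

const allUnlisted = galleries.map((g) => ({ ...g, unlisted: true }));
const hiddenOnly = exposure(galleries); // presentation-layer hiding only
const enforced = exposure(allUnlisted); // listing filtered at the source
console.log(hiddenOnly, enforced, sharegroupView(allUnlisted, "constructed-key-henry"));
```

With hiding alone, the desktop page shows nothing while the mobile page still lists all three galleries; once the galleries are unlisted, both pages are empty and the sharegroup key still returns the two Henry-Road galleries.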
Great news Andy!
jfriend & Andy... Excellent responses! Very helpful. Thanks so much!
So, which one of you gets the $50 PayPal reward? Split it?
Thanks again,
Ken
Actually, jfriend was first.
the same PW to all of a client's galleries so they only enter it one time and
don't need switching between their galleries. PW could be their last name,
easy to remember. None of these galleries would show on iPhone.
You are sending them the direct link anyway, why not say in the email to
use their last name as the PW. You can even put that in the PW hint.
My Website index | My Blog