Security should be applied when using "upload" password!

DodgeV83DodgeV83 Registered Users Posts: 379 Major grins
edited September 14, 2005 in SmugMug Support
I'm afraid to give people my "upload" password to upload their pics, because it gives them FULL ACCESS to all of my galleries! Is this normal? Even if my gallery has a PASSWORD and is PRIVATE, anyone with the upload password can access them without needing a password.

It would be really great if my private and secure galleries stayed private and secure from everyone!

Comments

  • AndyAndy Registered Users Posts: 50,016 Major grins
    edited August 24, 2005
    DodgeV83 wrote:
    I'm afraid to give people my "upload" password to upload their pics, because it gives them FULL ACCESS to all of my galleries! Is this normal? Even if my gallery has a PASSWORD and is PRIVATE, anyone with the upload password can access them without needing a password.

    It would be really great if my private and secure galleries stayed private and secure from everyone!

    how about using email upload?

    that's what i do, it's so very easy.
    Andy

    PortfolioWorkshopsFacebookTwitter
  • DodgeV83DodgeV83 Registered Users Posts: 379 Major grins
    edited August 24, 2005
    When uploading that way the pictures only go to the E-mail folder. Not convienient at all. Anytime someone needs to upload to my site, all of the pictures will be grouped up into one folder, meaning I will have to seperate the pictures myself and know the name of the folder they SHOULD be in.

    Why would a "guest" user have access to private/passworded folders? This must be a mistake.
    andy wrote:
    how about using email upload?

    that's what i do, it's so very easy.
  • DodgeV83DodgeV83 Registered Users Posts: 379 Major grins
    edited August 27, 2005
    So this is really the way its meant to be? Is this some kind of deterrant to using the "upload" password?

    Last week there was a huge conference my company hosted in DC, I COULD give my friends my upload password so they can upload their own pics to my gallery for the conference, but if I do this they will see all of my personal pictures with me and my girlfriend, my private family pictures since 2002.....the list goes on and on!

    The E-mail upload isn't meant for a large amount of pictures, most E-mail clients only allow a small amount of data to be sent. Even if the E-mail client allowed unlimited outgoing attachments, they would still have to manually select ALL of the pictures they took, no drag and drop like with the Smugmug interface...

    Can I please have an official response on this issue?
  • AndyAndy Registered Users Posts: 50,016 Major grins
    edited August 27, 2005
    DodgeV83 wrote:

    Can I please have an official response on this issue?

    in order to be sure, please email this and a link to this thread to help@smugmug.com deal.gif
    Andy

    PortfolioWorkshopsFacebookTwitter
  • AndyAndy Registered Users Posts: 50,016 Major grins
    edited September 14, 2005
    DodgeV83 wrote:
    So this is really the way its meant to be? Is this some kind of deterrant to using the "upload" password?

    Last week there was a huge conference my company hosted in DC, I COULD give my friends my upload password so they can upload their own pics to my gallery for the conference, but if I do this they will see all of my personal pictures with me and my girlfriend, my private family pictures since 2002.....the list goes on and on!

    The E-mail upload isn't meant for a large amount of pictures, most E-mail clients only allow a small amount of data to be sent. Even if the E-mail client allowed unlimited outgoing attachments, they would still have to manually select ALL of the pictures they took, no drag and drop like with the Smugmug interface...

    Can I please have an official response on this issue?

    can you explain the usage you have for the guest password? thanks.
    Andy

    PortfolioWorkshopsFacebookTwitter
  • luke_churchluke_church Registered Users Posts: 507 Major grins
    edited September 14, 2005
    DodgeV83 wrote:
    Why would a "guest" user have access to private/passworded folders? This must be a mistake.
    Hi Dodge,

    Caveat: The following is only my opinion, it may well not be Smugmug's opinion.

    Just to explain where Smugmug might be coming from: Generally speaking, permission to write to a server is considered to be fairly highly priviledged. Consider if you gave the world that password and allowed them to upload arbirary photos to arbitrary locations automatically.

    Now say somebody doesn't like you, and chooses to upload obscene pornography to your 'family photos' album, which you were showing to your child............

    For related reasons, such systems are generally designed on the principle of *never* allowing annonymous upload and download to the same location (they tend to turn into distribution points for illegal material)

    I'm not saying your request is unreasonable, just trying to give you the perspective that Smugmug may be taking. With the convience of allowing people to put photos wherever they like, rather than in a fixed location, you are actually granting a lot of trust. Smugmug may feel that this trust level is sufficently high to allow them to also interact with your private galleries.

    Just a thought,

    Luke
    Photography: www.lukechurchphotography.com
    SmugSoftware: www.smugtools.com
Sign In or Register to comment.