Guest Login has too much power!
finalblue
Registered Users Posts: 8 Beginner grinner
I have a Pro account... does anyone know if there is a way to restrict how much power a guest login has?
From what the help pages said, the guest login would be able to upload pictures BUT it didn't say that the guest login would also be able to customize your galleries! It can actually change the passwords to your galleries and every other option that would normally be available to you when you're logged in as the account owner.
It would be nice if my guests can contribute comments and pictures, but it sucks if they can change things such as whether my pictures are protected or not. :cry
From what the help pages said, the guest login would be able to upload pictures BUT it didn't say that the guest login would also be able to customize your galleries! It can actually change the passwords to your galleries and every other option that would normally be available to you when you're logged in as the account owner.
It would be nice if my guests can contribute comments and pictures, but it sucks if they can change things such as whether my pictures are protected or not. :cry
0
Comments
Portfolio • Workshops • Facebook • Twitter
Success stories begin here.
hiya shane
if you look carefully, "delete photo" and "delete photos - bulk" are gone from the photo tools menu when a guest is logged in. "delete gallery" is there, under the gallery tools menu, but in actuality, if you go thru the delete process with that menu as a guest, a gallery created by the gallery owner won't be deleted. i'll have to ask jt or onethumb why the choice is actually there when logged in as a guest. hey, try it yourself please, and see...
regarding the other "guest powers," think about it this way: if smugmug were to allow guest logins with very limited powers, say.. create galleries, upload, share etc, then what would stop a someone from misusing this feature?
btw, i use the email to smugmug feature for guest uploads to my site
hope this helps,
Portfolio • Workshops • Facebook • Twitter
And I just assumed that "Delete Gallery" and the subsequent "Yes on No" question would have deleted the gallery in question...I was not about to test that to see if that really worked or not!
I'm not concerned about people misusing as much as simply playing around and making mistakes. But still, I think that a limited set of what they can and cannot do would only help ensure that any mistakes or misuse would be limited.
For example, I've just logged in as a quest on my site, guests can sort galleries--any gallery on your website, color and crop photos, move them, delete catigories, and many other things that does not make for a guest to be able to do...at least to me it does not to me. Thanks for the reply, you are always great about posting help, best, Shane
check the smugmug help section on guest passwords the function works as it's stated in the documentation...
i wasn't inferring that your guests might misuse the power, but suppose someone decided to set up their own little subsmugmug with guest pws that had limited power... it's not going to happen with the way the system is currently set up now, is it
cheers shane!
Portfolio • Workshops • Facebook • Twitter
Is there any update on this?
Thanks
Josh
Hi Josh, thanks for posting. No, no update - the feature is working as it's been designed.
Cheers!
Portfolio • Workshops • Facebook • Twitter
Yup. They can see them but they can't delete them or any photos in them.
Think about what *could* be done if we made it really super easy to have guest passwords without such abilities - the potential for abuse is very great - not that you'd be abusing, but I hope you understand my point...
Portfolio • Workshops • Facebook • Twitter
Point understood. Maybe I can just password protect them and not give them the passwrod for that gallery. Would that work?
Not to change the subject but has the idea of offering photo packages been thought of. I am going to begin doing some portrait work for some friends and would like to offer a package like what a studio would offer if you went to have family portraits done.
Guests would see the password.
Yep. Thanks for the suggestion, and telling us that it's important.
Portfolio • Workshops • Facebook • Twitter
I'm actually disappointed with what I found when digging into the account capabilities.
I agree that what is there is both too much and too little. Here's what I would like to see:
A list of rights that can be assigned to a guest account - not much different than how we configure the gallerys and albums.
Guest accounts per album or at worst, per gallery. It could be part of the gallery config.
In the email upload - it would be nice to be able to specify a particular album as the destination instead of "email". I have a genealogy gallery that I want the ability to give people access so they can upload pictures to share with other members of the family. It's hard to get some of these folks to let go of their pictures so it's important to make it easy and specific.
Hope someone is listening!
Jon
Hi Jon,
We're listening. I can't say that the functionality is going to change though. It's designed this way on purpose - otherwise the potential for abuse is very high, even more so as we've grown so much!
Your genealogy email uploaders can email the pic and the caption, it lands in your "email" gallery, and then you move the photo, with caption - is that how you're doing it?
Portfolio • Workshops • Facebook • Twitter
I've done nothing yet - so much to learn! First get some folks off my back by putting up my photos, then on to customizing/cobranding. I think the CSS stuff is beginning to trickle into my brain thanks to Mike's articles.
I guess I'm naieve/honest but I'm not catching on how abuse would be a factor for expanding how guest accounts could be setup and yet limited in their actions. Are you referring to people "sub-hosting" part of their account?
Anyway - I feel it would be a huge benefit to allow this and I can't believe there's a technology reason why it couldn't be done.
Thanks!
Jon