Photos originals available to anyone with the link

icdval

Testing security of my photos I found that I'm able to see photo original jpgs that are inside a private gallery, with medium sizes as maximum view size, and with sharing option is off. This when logged out.

For my thinking the galleries are fully accesible, I know that is hard to get the link, but is not impossible.

Richard

Are you sure you aren't seeing something that's cached in your browser? Try it with a different browser and see what happens.

icdval

I was hopping the same, but not, I tried in different browers, differents devices, in private tabs, used ctrl-f5 to refresh... the image always load, is not the cache...

Richard

That's troubling. I suggest you contact the SmugMug help desk (help@SmugMug.com) with the details.

icdval

If you have any size URL of a photo, is very easy to figure the URL for the original photo...
Can anyone try it with your photos?

Richard

I'm fairly sure that doesn't work beyond the maximum size permitted in the gallery. I do remember a scare I had many years ago when I saw stats that showed originals being accessed. It turned out that the stats were showing the number of requests, not the actual images served. So someone could edit the URL to try to get the original, but the actual image served was the user-specified maximum. Don't know whether the stats have been changed since then, but I would think so.

icdval

I have reported but they said that I'm doing something wrong...

I have to do more testing, some image load only the X3 size

icdval

maybe is my ISP cache.... I'm going to close this until, just to do more testing and not alarm more people... as I was... sorry