Security through Obscurity

MikeLaurelMikeLaurel Registered Users Posts: 67 Big grins

I'm seeing as I work with SmugMug that I need to take a different approach on the security of my photos. In Phanfare, I'd move albums to subsites and could control album visibility by subsite.

In SmugMug, I've found I'm having to do the following security settings to share photos with people:
Visibility: Unlisted (Anyone with the Link)
Access: Anyone with a Link

The original photos need to have the permission set. They aren't easy to find because someone has to guess some random gibberish in the URL to access them.

I'm putting my photos in a "Main" folder organized by years. Then I'm creating some other top-level folders (my concept of how to do a Phanfare subsite) and collecting the pictures I want to share in galleries in those folders. It took me a few exchanges with SmugMug support to figure out how to even see the pictures I'd collected elsewhere. That's because the security comes from the "master" photo--if it's private, you won't see it elsewhere.

This brings up a potentially frustrating problem with how the Phanfare -> SmugMug migration collected photos. As it turns out, my migrated galleries might have a collection of collected photos and original photos. I have to find the originals of every photo to change the permissions. I'm not sure how much of a mess it's going to be for me yet, but I did have several subsites, so it's possible my original photos are scattered all over the place. I still need to work more with this, but I'm starting to make some sense of the new security model.

Comments

  • KarinaExPhanfareKarinaExPhanfare Registered Users Posts: 95 Big grins

    I have done similar - set up my "main" folder organised by years and some misc albums - and set its privacy to unlisted.

    Then created some other top level folders where I am trying to work out how best to recreate my subsites. (it did take me a while to work out the originals from the collected).

    My issue that I havent quite worked out - several of my subsites were linked to websites I manage. They have nothing to do with my own personal photos so the subsites were never actually visible on my "main" Phanfare page that family and friends had access to.

    I "think" I have worked out that in the customise view I can remove the breadcrumb completely in my "subsite" - so viewers wouldnt be able to click on a home button and get back to my main home page (I am still experimenting so anyone please correct me there). But I get the impression the actual folder has no option but to be visible on the main home page anyway. (Again - if I am off the mark here - any corrections welcome). No way to hide it from my actual personal home page ?

    Something else I cant work out tonight - when in the customise view - if I select a folder and create a theme for that folder - it doesnt appear to carry the theme through to each gallery in the folder. I had to click on each gallery individually and set its theme.

  • AllenAllen Registered Users Posts: 10,013 Major grins

    You might want to check out a Smugmug services page, the /browse page. It shows everything at the top level.
    You can edit the /browse page to only show things you want visible though. I edited my /browse page to only
    contain a folders, pages and pages widget and picked exactly the things I wanted exposed.

    Everything top level is visible to the public. With editing the /browse and homepage boxes you can
    control that visibility. So unless they guess the exact name of a folder/category they will never find it.

    Al - Just a volunteer here having fun
    My Website index | My Blog
  • KarinaExPhanfareKarinaExPhanfare Registered Users Posts: 95 Big grins

    @Allen said:
    You might want to check out a Smugmug services page, the /browse page.

    Check it out where ? what is it ? Is there a Support page about this as I entered the search terms and found nothing.

  • AllenAllen Registered Users Posts: 10,013 Major grins

    Type /browse behind your sites URL.

    Al - Just a volunteer here having fun
    My Website index | My Blog
  • AllenAllen Registered Users Posts: 10,013 Major grins

    Before the NewSmug was created there was a js hack needed to get a page showing categories and galleries.
    JavaScript is not allowed on NewSmug so they defined a page for this and called it "browse".

    Al - Just a volunteer here having fun
    My Website index | My Blog
  • KarinaExPhanfareKarinaExPhanfare Registered Users Posts: 95 Big grins

    @Allen said:
    Type /browse behind your sites URL.

    Hi sorry for delayed reply. I feel like I am missing something in the translation. "NewSmug" "JS hack" "typing behind a URL" ? (how do I get behind a URL ?)
    Smug folk seem to speak a totally different language and I really do struggle to work out what a lot of you mean - even tho I am doing my best to search the support pages first before I ask a question so I dont appear to be a total dooffus - but over a decade living in Phanfare language land is feeling like I just moved to Transylvania without a translator book!!

  • darryldarryl Registered Users Posts: 997 Major grins

    yoursite.smugmug.com/browse

  • KarinaExPhanfareKarinaExPhanfare Registered Users Posts: 95 Big grins

    @Allen said:
    You might want to check out a Smugmug services page, the /browse page. It shows everything at the top level.
    You can edit the /browse page to only show things you want visible though. I edited my /browse page to only
    contain a folders, pages and pages widget and picked exactly the things I wanted exposed.

    Everything top level is visible to the public. With editing the /browse and homepage boxes you can
    control that visibility. So unless they guess the exact name of a folder/category they will never find it.

    Hi Allen - I am doing my best but I am still having trouble following exactly what you are saying here.

    Still also having utterly no luck in finding any solution for my phanfare subsites.

  • AllenAllen Registered Users Posts: 10,013 Major grins

    Go to your homepage. In the browser address bar type /browse at the end of your link. Hit enter.

    This will bring up a "Smugmug services page", a pre-defined page. It will show all your top level public folders.
    This page can be customize and you can change it to show only what you want shown.
    Check out mine. Notice it's just my site with /browse at end.
    http://www.photosbyat.com/browse

    A few of the other "Smugmug services page", a pre-defined page are /keyword /search /date /popular

    Al - Just a volunteer here having fun
    My Website index | My Blog
  • denisegoldbergdenisegoldberg Administrators Posts: 14,383 moderator

    There are a few others too. A list of the SmugMug system pages can be found on the help page at https://school.smugmug.com/SmugMug-Tips/Customize-Your-System-Pages.

  • KarinaExPhanfareKarinaExPhanfare Registered Users Posts: 95 Big grins

    And still baffled !

    I tried entering this - yoursite.smugmug.com/browse (replacing yoursite with my site name of course) and what I get is a bizarre page that looks nothing like any of the sites or folders or permissions I have set up. It has a content block heading/title from one of my folders that doesnt related to my "home page". Its showing a mix of public, private and unlisted folders.

    Is this "browse" view meant to be what the public can see ? because its definitely not what I set up.

    I am not really understanding why there are so many different "views" of my one smugmug site - none of which seem to be the actual view that I want viewers to physically see.

    I am constantly concerned about changing anything to unlisted because I just do not feel convinced everything is not going to end up being fully visible to the public. I really do not want to accidently reveal my entire life to the public when its meant purely for family and friends.

  • AllenAllen Registered Users Posts: 10,013 Major grins

    It will show all your top level folders if you are logged in. Log out and only public folders are seen.
    The page is fully customizable so you can change it to only show public folders to the public or whatever you want.

    Al - Just a volunteer here having fun
    My Website index | My Blog
  • MikeLaurelMikeLaurel Registered Users Posts: 67 Big grins

    @KarinaExPhanfare said:
    I am constantly concerned about changing anything to unlisted because I just do not feel convinced everything is not going to end up being fully visible to the public. I really do not want to accidently reveal my entire life to the public when its meant purely for family and friends.

    I agree. I've not found any way to make things work on SmugMug the way I need them to work unless I make all my "master" photos Unlisted. If I make my "master" photos private, there's no way to share them through the Unlisted or Private options.

    I'll have to experiment with the browse page in a while to see what I can get it to do.

    I do like some of the customizations I can do on SmugMug with the content blocks. I managed to put together a nice site for family and friends to view our vacation last year. I'm still struggling with ways to regularly share content, though (like we could with Phanfare automatic notifications).

  • bob1854bob1854 New member Posts: 2 Beginner grinner
    I have a Smugmug photo site which has separate sub-sites for each sports team that my daughter is on. Each sub-site is separate from my website home page. The only way to access a sub-site is using a link and password. My master photos are in galleries within each sub-site. I control what users can do to the photos in a gallery by using Gallery Settings. I’ve saved different gallery setting profiles by using Quick Settings. This helps me to set the settings on a gallery with one click of my mouse.

    Previously I spend a lot of time looking at security. I wanted to control who could access my photos and what they could do with the photos. For me the answer was counter intuitive. It was not making things private, it was making them public, but then tweaking certain settings so that “public” didn’t really mean public. Under my home Page are separate sub-sites. Each of these is inside a separate folder (root folder) which contains a home page, galleries, photos, videos, etc. My security is set at the root folder level:
    1. Visibility: Public
    2. Access: People with a password
    3. Web Searchable: No
    4. Smugmug Searchable: No

    Any page or gallery created under the root folder inherits the security from the root folder. I NEVER change the security except in a root folder. Any security changes automatically cascade down to anything underneath it.

    I don’t need to set permissions on photos. The root folder security limits which users can see the photos in the sub-site. A Gallery’s Settings controls what users can do with them. Different galleries in the same sub-site can have different settings.

    This approach works well for me. It took me about 18 months to figure out!
Sign In or Register to comment.