Unlisted photos are returned while searching on public site (security flaw)
kusi
I have a bunch of galleries whose visibility is set to "unlisted" and "SmugMug searchable = no". The photos in the folder contain keywords which are found with the public search box on my website. I consider this a serious security flaw. I tested all kinds of different combinations (private browser mode, logged out, different browser, different computer), and I always get access to photos which are supposed to be invisible if you don't have the direct link to the photo/folder.
This behavior is not reproducible with every gallery, for some it works as expected. I suspect only older galleries are hit by this security leak, but I cannot confirm this.
Comments
Are you sure you didn't collect those photos into a searchable gallery?
Please check out my gallery of customisations for the New SmugMug, more to come!
Have you contacted the help desk? I would reach out to them with an example of a gallery where you are seeing this behavior.
https://www.smugmughelp.com/en/articles/309-contact-a-smugmug-support-hero
Musings & ramblings at https://denisegoldberg.blogspot.com
Indeed! I had some galleries with smart rules which had visibility=public. Thanks for the hint.