Original viewed when not allowed
W.W. Webster
Registered Users Posts: 3,204 Major grins
I have been surprised to find that a visitor to my site has apparently been able to view a photo on my site in 'original' size (but, hopefully, not copy it) when the relevant gallery customisation parameter that would enable this ('can people view your original, full size photos?') is set to 'no'.
An extract of the StatCounter log which revealed this problem follows. When I click on the reported URL, it brings up the image in 'large' size, but enables me to select 'original' which then appears to become the new default. Can anyone explain what is going on here?
Canon EOS Rebel XT, EF-S 18-55, EF 50 1.8 II, Tamron AF 19-35 3.5-4.5, EF 24-70 f/2.8L, EF 70-200 f/4L, Speedlite 580EX, Manfrotto Digi Mini 718B.
I'm pretty sure this is the designed behavior. Instead of showing a 404 or something like that, it shows the maximum allowed size, be that large or medium (if larges are disabled).
But through this I actually found a way of accessing the Originals by mistake! I'm gonna send this straight to SmugMug and won't describe the bug here further.
Sebastian
SmugMug Support Hero
Hello Sebastian,
Please let us know if this problem has been corrected by Smugmug. If you found a "Backdoor" to access the original photos, that is a SERIOUS problem that must be corrected ASAP.
Thanks,
David....
Word about it is out to SmugMug. I'm sure they'll take care of it ASAP!
Stay tuned,
Sebastian
SmugMug Support Hero
I had a make-up artist tell me she could open up and download my originals, even though everything was set so that wouldn't happen. I don't know how she did it though. Now, I post my galleries small (450 pixels tall) with a copyright notice on them. Then in the description, I put a link that says something like "to order prints, click here".
And that goes to a gallery all stamped with the "proof" and only enabled to view large (not original). As of yet, the photos people are stealing are the small copyright ones (I see them on myspace.com profiles). But they avoid the "proof" ones. Anyway, I try to put the copyright notice in a place that makes it tougher than a quick crop to remove.
It's a brutal on-line world for us photographers who actually want to sell anything!
Portland, Oregon Photographer Pete Springer
website blog instagram facebook g+
So you can get traffic on the /Original, but it won't actually give them the original. We have seen people claiming to have downloaded Original images too, and whenever we ask to see an example, it is always a large or medium. They just don't realize that they don't have the "high res original" because they have a pretty big sized picture (to them). To a non-photographer, those big Larges (and even Mediums to people on small monitors) look very high res and "original".
David...
There are no back doors. Please look at JT's post above and these two links here:
http://www.moonriverphotography.com/gallery/1022944/1/47425794/Large
http://www.moonriverphotography.com/gallery/1022944/1/47425794/Original
Same photo. Same size. If you have Originals blocked, and someone goes to a /Original url, they will be served up the /Large size. If you have Larges blocked, they'll be served up the /Medium size.
I hope this clears up the confusion for you. If you have any questions, holler back.
All teh best,
Portfolio • Workshops • Facebook • Twitter
I understand what you have written above. I am referring to the comments by Sebastian claiming that while investigating whether the original and the large files were in fact the same, he claims that he found another way to obtain the original file. Is there any merit to his claim?
David...
Nope. If you have Originals blocked in your galleries, visitors can't get to them.
Portfolio • Workshops • Facebook • Twitter
I just got out of bed and checked on this. The issue I reported before is fixed. No need to worry anymore.
Sebastian
SmugMug Support Hero
Sebastian,
Yes, it is a serious issue that was well picked up,
but it's the kinda thing that you have gotta see the funny side of, that was Lee's intention.
Cheers,
David
SmugMug API Developer
My Photos
So now this is off my chest. I don't mind posting this in public as he somewhat repeated his joke over here.
Sebastian
SmugMug Support Hero
Also recognize that I'm a mod and it should be understood that I'm not going to exploit any knowledge that I may gain as being one.
It was meant more as a joke for Andy so it was a mistake on my part to even say it.
Actually I'm glad you posted it here too - helps to clear everything up for me.
Sebastian
SmugMug Support Hero
Maybe he shouldn't post how it was done, in case a similar bug exists...but still! WHAT THE HELL MAN!?
It was probably lightbox related...
the bug won't be posted, at least by any of us here.
and it wasn't lightbox related, so put your torch out.
SmugMug API Developer
My Photos
Unfortunately, it's sometimes difficult to read the undertones of a post (unless they use smilies).
But I can, somewhat reluctantly, confirm that BWG does in fact have a wicked sense of humour
Dave
SmugMug API Developer
My Photos
hehe, actually I was hoping it WAS lightbox related! At least that way our Originals would only recently have been vulnerable.
Is there any way I can see if anyone was using that bug on my site?
What Webster (thread starter) noticed was someone clicking on an Original link that just led to the Large picture again, because Originals were disabled in the gallery.
Sebastian
SmugMug Support Hero
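The fallback rule described in this thread (a blocked /Original is served as Large, a blocked Large as Medium), applied to visitor-log URLs so a gallery owner can see what a logged /Original hit would actually have been served as. This is an added example, not SmugMug's code and not part of any post; the function names, the assumption that Medium is always allowed, and the sample URLs are constructed for illustration.

```python
from urllib.parse import urlparse

# Sizes named in the thread, smallest to largest.
SIZES = ["Medium", "Large", "Original"]

# Constructed sample of URLs as they might appear in a visitor log.
SAMPLE_HITS = [
    "http://photos.example.com/gallery/1000001/1/2000002/Original",
    "http://photos.example.com/gallery/1000001/1/2000002/Large",
    "http://photos.example.com/gallery/1000001",
]


def served_size(requested, originals_allowed, larges_allowed):
    """Return the size served for a requested size name: a blocked size
    falls back to the next smaller size the gallery allows."""
    # Assumption of this example: Medium can never be blocked.
    allowed = {"Medium": True, "Large": larges_allowed,
               "Original": originals_allowed}
    canon = {s.lower(): s for s in SIZES}.get(requested.lower())
    if canon is None:
        raise ValueError(f"unknown size: {requested!r}")
    idx = SIZES.index(canon)
    while not allowed[SIZES[idx]]:
        idx -= 1  # stops at Medium (index 0), which is always allowed
    return SIZES[idx]


def audit_hits(urls, originals_allowed, larges_allowed):
    """For each logged URL ending in a size name, return a tuple
    (url, requested, served, downgraded)."""
    report = []
    for url in urls:
        last = urlparse(url).path.rstrip("/").rsplit("/", 1)[-1]
        try:
            served = served_size(last, originals_allowed, larges_allowed)
        except ValueError:
            continue  # not an image-size URL, e.g. a gallery page
        report.append((url, last, served, served.lower() != last.lower()))
    return report


if __name__ == "__main__":
    # Gallery with Originals blocked and Larges allowed.
    for url, asked, served, downgraded in audit_hits(SAMPLE_HITS, False, True):
        note = "downgraded" if downgraded else "as requested"
        print(f"{asked:>8} -> {served:<8} ({note})  {url}")
```

A hit on a /Original URL in the log therefore shows only what was requested; what the visitor received depends on the gallery settings at the time.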
You guys should hire Sebastian to find more bugs
Seriously though, I really hope nobody has used this! If Sebastian could stumble upon it by mistake, I'm sure someone looking for it could've found it! Let's hope their statement is accurate: "As far as we can tell, no-one ever used it"
I was originally told that there was no backdoor and as long as the "Originals" were off, that I was safe. But this proved them wrong. If Microsoft can get hacked, so can this site. I am glad that the techs fixed the problem so quickly though.
David...