Possible security problem

DalantechDalantech No cropping zone...Registered Users Posts: 1,519 Major grins
edited October 2, 2006 in SmugMug Support
My wife has an Excel spread sheet with all of the books that she sells. She turned the name of a book in her list into a hyperlink, and it worked just fine (gallery opens with the image when you click on the link). But after she moved the image to a private forum the hyperlink still worked even though she was logged out of her site. I logged into my site and after she emailed me the spread sheet I tried to access the image and sure enough, I could see it too -gallery opens with all the thumbnails and the image. I logged into my site just to make sure I wasn't logged into her galleries. When I tried to go to the category that the gallery was in I got a page that did not include the private gallery, so it looks like there is an authentication check in the category scripts but the scripts that display the gallery assume that you are already logged in. There should be authentication on every page...

Also I can see the "Share photo" link and page on both sites even when I'm logged out. The options in the control panel for the gallery either turn the link on / off for everyone (even me if I'm logged in) and the other option just enables or disables external linking. IMHO it's not a good idea to let just anyone access the Flaunt your photos page. Am I missing a toggle in the gallery controls somewhere, or is access to the hyperlinks wide open?...
My SmugMug Gallery

Looking for tips on macro photography? Check out my Blog: No Cropping Zone.
«1

Comments

  • gluwatergluwater SmugMug Technical Account Manager Registered Users Posts: 3,599 Major grins
    edited September 30, 2006
    There are two different options, see the attached screen shot. Also as far as I know it does not matter if a photo is in a private gallery if you have a direct link to it. But I could be wrong.
    Nick
    SmugMug Technical Account Manager
    Travel = good. Woo, shooting!
    nickwphoto
  • BeachBillBeachBill Hurry up and wait Registered Users Posts: 1,311 Major grins
    edited September 30, 2006
    Dalantech wrote:
    My wife has an Excel spread sheet with all of the books that she sells. She turned the name of a book in her list into a hyperlink, and it worked just fine (gallery opens with the image when you click on the link). But after she moved the image to a private forum the hyperlink still worked even though she was logged out of her site. I logged into my site and after she emailed me the spread sheet I tried to access the image and sure enough, I could see it too -gallery opens with all the thumbnails and the image. I logged into my site just to make sure I wasn't logged into her galleries. When I tried to go to the category that the gallery was in I got a page that did not include the private gallery, so it looks like there is an authentication check in the category scripts but the scripts that display the gallery assume that you are already logged in. There should be authentication on every page...

    "private" gallery means the gallery is not listed on your home page or within a category listing. It is still accessible by anyone who knows the link to it.

    It sounds like, by your description, that you really want to be using a password protected gallery, then, you or anyone else will need to authenticate with the password prior to being able to see the gallery.
    Bill Gerrard Photography - Facebook - Interview - SmugRoom: Useful Tools for SmugMug
  • DalantechDalantech No cropping zone... Registered Users Posts: 1,519 Major grins
    edited September 30, 2006
    gluwater wrote:
    There are two different options, see the attached screen shot. Also as far as I know it does not matter if a photo is in a private gallery if you have a direct link to it. But I could be wrong.

    Allowing external links just lets you post links to images on sites other than your own. I didn't know, until now, that anyone can post links to my gallery...

    If I disable access to the Flaunt your photos page then even I can't access it -it seems to me that it would be better if I could disable it for the public while maintaining access to it myself. Also if a gallery is private then there should be authentication to the gallery page, and there is not -so my original post still stands unanswered...

    P.S. Thanks for the screen shot, but I posted that I knew of those options and disabling them doesn't solve either problem...
    My SmugMug Gallery

    Looking for tips on macro photography? Check out my Blog: No Cropping Zone.
  • DalantechDalantech No cropping zone... Registered Users Posts: 1,519 Major grins
    edited September 30, 2006
    BeachBill wrote:
    "private" gallery means the gallery is not listed on your home page or within a category listing. It is still accessible by anyone who knows the link to it. .

    But it isn't listed on the home page or category listing because an authentication check is made. That same authentication should be made within the gallery itself...
    BeachBill wrote:
    It sounds like, by your description, that you really want to be using a password protected gallery, then, you or anyone else will need to authenticate with the password prior to being able to see the gallery.

    No, I don't want users to have to log in to a gallery that I do not want them to see -if that were the case then I'd just make the gallery public!

    I want the gallery to use the same authentication as the category list and the home page, and I want the link to the Flaunt your photos page to be hidden so that only I can post links to images on my gallery...

    Can I get someone who works for SmugMug to get into this thread?
    My SmugMug Gallery

    Looking for tips on macro photography? Check out my Blog: No Cropping Zone.
  • BeachBillBeachBill Hurry up and wait Registered Users Posts: 1,311 Major grins
    edited September 30, 2006
    Dalantech wrote:
    But it isn't listed on the home page or category listing because an authentication check is made. That same authentication should be made within the gallery itself...

    There is *no* authentication made on private galleries. "private" just means the gallery is not listed on the home page or catgeory listing or in search results.

    If you want the gallery to:
    1) Not be listed on the home page or category listings
    2) Require authentication to view

    Then you need to make that gallery private *and* password protected.
    Bill Gerrard Photography - Facebook - Interview - SmugRoom: Useful Tools for SmugMug
  • jfriendjfriend Scripting dude-volunteer Registered Users Posts: 8,097 Major grins
    edited September 30, 2006
    No authentication
    Dalantech wrote:
    But it isn't listed on the home page or category listing because an authentication check is made. That same authentication should be made within the gallery itself...

    This is not true. The setting you picked in the customize gallery page only says:

    Public: Yes ( ) No (o) Show this gallery on your homepage?

    ALL this setting does is decide whether to show this on your home page or not. It's analagous to an unlisted phone number. Anyone can call it without authentication, but it isn't put it in the public directory.

    It's is a misnomer to call these galleries private. They are not private. They are only unlisted on the home page.
    --John
    HomepagePopular
    JFriend's javascript customizationsSecrets for getting fast answers on Dgrin
    Always include a link to your site when posting a question
  • DalantechDalantech No cropping zone... Registered Users Posts: 1,519 Major grins
    edited September 30, 2006
    BeachBill wrote:
    There is *no* authentication made on private galleries. "private" just means the gallery is not listed on the home page or catgeory listing or in search results.

    If you want the gallery to:
    1) Not be listed on the home page or category listings
    2) Require authentication to view

    Then you need to make that gallery private *and* password protected.

    *sigh*

    Yes, there is authentication being made on private gallery pages. That's why, when you log out of your site, you don't see the private galleries. If you understood scripting then you wouldn't be arguing with me -and I want someone from SmugMug to get into this discussion because you don't know what your talking about...
    My SmugMug Gallery

    Looking for tips on macro photography? Check out my Blog: No Cropping Zone.
  • DalantechDalantech No cropping zone... Registered Users Posts: 1,519 Major grins
    edited September 30, 2006
    jfriend wrote:
    It's is a misnomer to call these galleries private. They are not private. They are only unlisted on the home page.

    If someone knows the URL to a specific image then yes, they are going to see it because there is no script restricting their access.

    When you go to a SmugMug site there is some PHP scripting, running on the web server, that checks to see if you have access to a particular gallery. That script is obviously running on the home page and the category list page, but not on the actually gallery page itself -and it should be. You are, whether you realize it or not, authenticating to the home and category pages (it's done via cookies so you don't see the "login").

    Now does everyone understand, or do I still have to argue with people who do not know PHP and how the web site works?...

    If you want to know my level of understanding then just Google for "Dalantech" -currently there are 24,100 entries. I run a tech web site and I'm one of the moderators at Maximum PC's forum -I've even written for the magazine. So please, can I get someone from SmugMug, or at least someone who understands scripting, to get into this thread?!
    My SmugMug Gallery

    Looking for tips on macro photography? Check out my Blog: No Cropping Zone.
  • ScalaScala Big grins Registered Users Posts: 95 Big grins
    edited September 30, 2006
    The behavior you describe is by design. It can be confusing because the feature is called "private" but it does not prevent accessing the gallery by direct URL. Like jfriend said, marking a gallery as private only removes it from view on www.smugmug.com and on your smugmug site for those who are not logged in with your credentials. See here: http://www.smugmug.com/help/private-albums

    Often the kind of privacy the feature now offers is adequate. It's a choice we have to make between making the gallery really hard to access (require password that people forget) or just making it unlisted on smugmug.com.

    For a further twist in the plot, it seems that password-protecting a gallery still leaves the photos open for direct linking. This means someone could come up with an image ID for an image in a password-protected gallery and view it by direct URL without knowledge of the password.

    Only when you don't allow external links will your photos not show when accessed using direct URLs which contain what looks like a filename at the end. (I just tried, it seems you have to have a password AND disallow ext links for the photo not to show?)

    I could have forgotten some of the privacy gotchas since they were last discussed. It's not very simple at all :)
    My smugmug site: www.majakorpi.net
  • DalantechDalantech No cropping zone... Registered Users Posts: 1,519 Major grins
    edited September 30, 2006
    Scala wrote:
    The behavior you describe is by design. It can be confusing because the feature is called "private" but it does not prevent accessing the gallery by direct URL. Like jfriend said, marking a gallery as private only removes it from view on www.smugmug.com and on your smugmug site for those who are not logged in with your credentials. See here: http://www.smugmug.com/help/private-albums

    Often the kind of privacy the feature now offers is adequate. It's a choice we have to make between making the gallery really hard to access (require password that people forget) or just making it unlisted on smugmug.com.

    For a further twist in the plot, it seems that password-protecting a gallery still leaves the photos open for direct linking. This means someone could come up with an image ID for an image in a password-protected gallery and view it by direct URL without knowledge of the password.

    Only when you don't allow external links will your photos not show when accessed using direct URLs which contain what looks like a filename at the end. (I just tried, it seems you have to have a password AND disallow ext links for the photo not to show?)

    I could have forgotten some of the privacy gotchas since they were last discussed. It's not very simple at all :)

    For the last time: I fully understand how the private galleries work -better in fact than anyone who has replied to this thread. I know, and have already explained, why direct linking works. What I want is for the gallery pages to use the same authentication as the home page and category pages -very easy to add it. If some one knows exactly where a .jpg file exists then there is nothing to stop them from getting it, and that's fine. A lock only keeps the honest people out anyway, and all I'm asking for is one more lock...

    I also don't think that the general public should have access to the Flaunt your photos page since it would make it really easy for someone to use your photos on their web site -and potentially use up a lot of SmugMug's bandwidth.

    Still waiting for some one from SmugMug, or who understands scripting, to chime in. Getting really tired of explaining the same point over and over to people who don't script...
    My SmugMug Gallery

    Looking for tips on macro photography? Check out my Blog: No Cropping Zone.
  • ScalaScala Big grins Registered Users Posts: 95 Big grins
    edited September 30, 2006
    I'd guess a lot of people don't want the feature you want. It would break current functionality unless they add another option for it. Adding another option would make things even more complicated.

    By the way smugmug rarely links straight to actual image files. There's a lot of scripting going on there as well. Like this one http://dalantech.smugmug.com/photos/89580353-700x700.jpg and the fact that you can deny external links to images.

    It has been shown that there is a way to have what you want, just not by the exact technical means you are fond of.

    Very nice photos on your site by the way! :)
    My smugmug site: www.majakorpi.net
  • jfriendjfriend Scripting dude-volunteer Registered Users Posts: 8,097 Major grins
    edited September 30, 2006
    Probably best to post in the feature request thread
    Dalantech wrote:
    Still waiting for some one from SmugMug, or who understands scripting, to chime in. Getting really tired of explaining the same point over and over to people who don't script...

    Excuse us for trying to explain how their existing functionality works and why it doesn't currently do what you seem to want - no need to get all mad, we're just discussing things. Smugmug's current service does not work the way you describe. If you want to make a feature request for this new feature, then you should post in the feature request thread which is monitored by Smugmug developers and see if you get any response there. You can link to this thread for detail.
    --John
    HomepagePopular
    JFriend's javascript customizationsSecrets for getting fast answers on Dgrin
    Always include a link to your site when posting a question
  • DalantechDalantech No cropping zone... Registered Users Posts: 1,519 Major grins
    edited September 30, 2006
    Scala wrote:
    I'd guess a lot of people don't want the feature you want. It would break current functionality unless they add another option for it. Adding another option would make things even more complicated.

    By the way smugmug rarely links straight to actual image files. There's a lot of scripting going on there as well. Like this one http://dalantech.smugmug.com/photos/89580353-700x700.jpg and the fact that you can deny external links to images.

    It has been shown that there is a way to have what you want, just not by the exact technical means you are fond of.

    Very nice photos on your site by the way! :)

    It's not really a feature -I just think the same level of authentication should exist at the gallery level that exists at the home page and category level. Not a feature -the way things currently work constitutes a bug...

    Thanks for the props on my photos!
    My SmugMug Gallery

    Looking for tips on macro photography? Check out my Blog: No Cropping Zone.
  • DalantechDalantech No cropping zone... Registered Users Posts: 1,519 Major grins
    edited September 30, 2006
    jfriend wrote:
    Excuse us for trying to explain how their existing functionality works and why it doesn't currently do what you seem to want - no need to get all mad, we're just discussing things.

    I'm not mad -I'm frustrated. It's irritating when people who don't understand how things work try to explain something to me that I already know -repeatedly...
    jfriend wrote:
    Smugmug's current service does not work the way you describe.

    Nope, it doesn't because it is currently broken. All SmugMug has to do is add the same authentication script to the gallery page that is already on the home and category pages. Also blocking the Flaunt your photos page from everyone except the site owner would be a good idea, IMHO...
    jfriend wrote:
    If you want to make a feature request for this new feature, then you should post in the feature request thread which is monitored by Smugmug developers and see if you get any response there. You can link to this thread for detail.

    It's not a new feature -I consider both request to be potential security bugs. This forum authenticates you on EVERY PAGE -even though you don't realize that it's happening. Why should your SmugMug gallery be any less protected?...
    My SmugMug Gallery

    Looking for tips on macro photography? Check out my Blog: No Cropping Zone.
  • AllenAllen "tweak 'til it squeaks" St. Louis, MoRegistered Users Posts: 9,953 Major grins
    edited September 30, 2006
    Excuse me for buttn' in.:D But what is a "Flaunt your photos page"? ne_nau.gif
    I've never heard of it. Is it something that I missed?
    Thanks
    Al
    Al - Just a volunteer here having fun
    My Website index | My Blog
  • AndyAndy Bicameral New YorkRegistered Users Posts: 50,154 Major grins
    edited September 30, 2006
    Dalantech wrote:
    and I want someone from SmugMug to get into this discussion because you don't know what your talking about...
    Hi Dalantech, the spirit of this forum is that folks try to help. You have tons of knowledge - but please don't belittle or berate the fine contributors here, thanks - it's a real downer, and really not what we're about here at Dgrin and SmugMug :D

    There's no bug, this is how the setup works. If you wish, as Jfriend suggested, please put in a feature request, and we'll consider it for sure!
  • DalantechDalantech No cropping zone... Registered Users Posts: 1,519 Major grins
    edited September 30, 2006
    Andy wrote:
    Hi Dalantech, the spirit of this forum is that folks try to help. You have tons of knowledge - but please don't belittle or berate the fine contributors here, thanks - it's a real downer, and really not what we're about here at Dgrin and SmugMug :D

    There's no bug, this is how the setup works. If you wish, as Jfriend suggested, please put in a feature request, and we'll consider it for sure!

    It wasn't my intention to put anyone down -I just got frustrated at people who were holding a crayon ham fisted and explaining how things worked to me over and over, but they weren't really reading what I was posting. I kinda felt like I was the one being belittled...

    I give up on this one -it's not a feature request my friend, it's an honest to goodness bug. The home page and category pages check to see if you are authorized to view them, but the gallery pages do not. It would be really easy to give the gallery page the same level of protection -it could be copied and pasted in from either the home or category page scripts. But since I can't get you, or anyone else, to see it as a problem then it won't get fixed.

    Then there is the issue with the Flaunt your photos page being accessible by anyone -a great feature that makes it easy for some one to use your copyrighted images on their web site and to leach bandwidth from SmugMug. Again if I can't get you to see that as a problem then I'm not going to post it as a "feature request". Security issues should NEVER be treated as if they are feautures...

    In a nutshell Andy it would be easy to set up a web site that pulls your images, even the look and feel of your galleries, because the current scripts allow it. Granted, you can't come up with perfect protection -but shouldn't you lock the doors to your house even though some one could break in anyway?...
    My SmugMug Gallery

    Looking for tips on macro photography? Check out my Blog: No Cropping Zone.
  • DalantechDalantech No cropping zone... Registered Users Posts: 1,519 Major grins
    edited September 30, 2006
    jfriend wrote:
    I presume he's talking about the Most Popular Photos section of your home page. It sounds like Dalantech wants it to be for the site owner only, but others (myself included) enjoy sharing it with all site visitors.

    I'm trying soooooooooo hard to be patient with you. No, you're wrong *sigh*

    This is what I'm talking about: http://www.dalantech.smugmug.com/gallery/share.mg?AlbumID=1590111&Page=1&ImageID=89580353 -it makes it very easy for some one to pull your photos onto their web site. Granted, if you know the exact link to a specific jpf file then you can do it anyway, but the Flaunt you photos page makes it easy for some one to get the necessary hyperlinks. I paid for the right to post links to my images on the web -but I don't think that you should have the right to post links to my images, and SmugMug makes it easy for you to do it by allowing you to see the flaunt your photos page (do you see the words "Flaunt your photos" at the top of the page I linked to?).

    Edit: You access the "Flaunt your photos" page from the "share photo: links, forums, blogs" hyperlink under the images on your gallery. Yes, you can disable the hyperlink, but when you do you can no longer see the link even if you are logged into your SmugMug site. Instead of the toggle disabling the link for everyone it should disable the link for everyone but you -or better still the site owner should be the only one who ever gets to see the link. Why should other people have access to a page filled with hyperlinks to your images?...
    My SmugMug Gallery

    Looking for tips on macro photography? Check out my Blog: No Cropping Zone.
  • SteveMSteveM SmugMug Pro Concierge Registered Users Posts: 482 Major grins
    edited September 30, 2006
    Dalantech wrote:
    I'm trying soooooooooo hard to be patient with you. No, you're wrong *sigh*

    This is what I'm talking about: http://www.dalantech.smugmug.com/gallery/share.mg?AlbumID=1590111&Page=1&ImageID=89580353 -it makes it very easy for some one to pull your photos onto their web site. Granted, if you know the exact link to a specific jpf file then you can do it anyway, but the Flaunt you photos page makes it easy for some one to get the necessary hyperlinks. I paid for the right to post links to my images on the web -but I don't think that you should have the right to post links to my images, and SmugMug makes it easy for you to do it by allowing you to see the flaunt your photos page (do you see the words "Flaunt your photos" at the top of the page I linked to?).

    Thanks for clearing that up for us Dalantech. We've kind of developed our own Smugslang around here, so sometimes we get pigeonholed on terms. Yep, you're right. If you have the "share photos" option toggled, anyone gets that screen, or not if it's disabled. Keep in mind, that's just a cheatsheet and if you have external linking turned on, whether that's displayed or not doesn't change the functionality of those links. Most people familiar with Smugmug don't need that page to steal your photos. :D
    I do use it myself from time to time because I'm too lazy to think about it and it would be kind of a neat feature for it to be displayed to the account owner even when disabled in the control panel. There's a pretty lenghty thread about features like that... "Displaying the Original size option to account holders when logged in even when disabled", etc.
    Steve Mills
    BizDev Account Manager
    Image Specialist & Pro Concierge

    http://www.downriverphotography.com
  • AndyAndy Bicameral New YorkRegistered Users Posts: 50,154 Major grins
    edited September 30, 2006
    Dalantech wrote:

    I give up on this one -it's not a feature request my friend, it's an honest to goodness bug.
    Bug it, in the bug thread, and I'll be sure to get the engineers to comment, oK?
    [/QUOTE]
  • BeachBillBeachBill Hurry up and wait Registered Users Posts: 1,311 Major grins
    edited September 30, 2006
    Dalantech wrote:
    *sigh*

    Yes, there is authentication being made on private gallery pages. That's why, when you log out of your site, you don't see the private galleries. If you understood scripting then you wouldn't be arguing with me -and I want someone from SmugMug to get into this discussion because you don't know what your talking about...

    Please, don't assume what someone does or does not know just because you don't get the answer you want. Nobody is arguing with you, we are just trying to explain the way the feature actually works.

    I know exactly how the public display on/off option works, you don't need to try to explain that to me. It unfortunately isn't designed to work the way you think it is designed to work.

    The authentication you are referring to does not have anything to do with the public display on/off feature, the authentication you are referring to is checking to see if the owner of the smugmug site is logged in. If the owner is logged in they will see additional options both on the homepage and in galleries, and yes one of the options made visible to owners is the non-public galleries.

    Please read the help section to learn about the public on/off feature, to find out what it really is designed to do if you don't believe any of the people who have tried to explain it to you today.
    Bill Gerrard Photography - Facebook - Interview - SmugRoom: Useful Tools for SmugMug
  • BeachBillBeachBill Hurry up and wait Registered Users Posts: 1,311 Major grins
    edited September 30, 2006
    Allen wrote:
    Excuse me for buttn' in.:D But what is a "Flaunt your photos page"? ne_nau.gif
    I've never heard of it. Is it something that I missed?
    Thanks
    Al

    He's talking about the share link (when you turn easy sharing on) for a gallery.
    Bill Gerrard Photography - Facebook - Interview - SmugRoom: Useful Tools for SmugMug
  • DalantechDalantech No cropping zone... Registered Users Posts: 1,519 Major grins
    edited October 1, 2006
    SteveM wrote:
    Most people familiar with Smugmug don't need that page to steal your photos. :D

    *snip*

    Agreed -if you know the exact URL to a .jpg file you're going to get it because the authentication scripts that control access are bypassed. However I don't think that it's a good idea to make it easy for someone to leach your photos...
    My SmugMug Gallery

    Looking for tips on macro photography? Check out my Blog: No Cropping Zone.
  • DalantechDalantech No cropping zone... Registered Users Posts: 1,519 Major grins
    edited October 1, 2006
    BeachBill wrote:
    He's talking about the share link (when you turn easy sharing on) for a gallery.

    I'm not replying to your other post because you are way out in left field -and I can tell by the post I quoted that you aren't reading my posts before you respond. If you did you'd know that I already explained what the Flaunt you photos page is (had to explain it even though the words "Flaunt you photos" is at the top of that page...).
    My SmugMug Gallery

    Looking for tips on macro photography? Check out my Blog: No Cropping Zone.
  • DalantechDalantech No cropping zone... Registered Users Posts: 1,519 Major grins
    edited October 1, 2006
    Andy wrote:
    Bug it, in the bug thread, and I'll be sure to get the engineers to comment, oK?

    Done.

    http://www.dgrin.com/showthread.php?t=40326&page=12

    I would appreciate it if the people who tried to explain to me how things work stay out of the bug reporting thread. I know how it works now -but, IMHO, it is broken and should not work the way that it is. If you want to get a better understanding of the problem then read the post I made in the bug thread. I tried to spell it out a little better to avoid any confusion...
    My SmugMug Gallery

    Looking for tips on macro photography? Check out my Blog: No Cropping Zone.
  • AndyAndy Bicameral New YorkRegistered Users Posts: 50,154 Major grins
    edited October 1, 2006
    Dalantech wrote:
    Done.

    http://www.dgrin.com/showthread.php?t=40326&page=12

    I would appreciate it if the people who tried to explain to me how things work stay out of the bug reporting thread.
    Dalantech, this was *totally* unnecessary and only throwing gasonline on the fire. Let's let it go, ok? I've got it in the bug thread, I've made sure that our engineers have seen it, and you'll hear back from us, ok?
  • DalantechDalantech No cropping zone... Registered Users Posts: 1,519 Major grins
    edited October 1, 2006
    Andy wrote:
    Dalantech, this was *totally* unnecessary and only throwing gasonline on the fire. Let's let it go, ok? I've got it in the bug thread, I've made sure that our engineers have seen it, and you'll hear back from us, ok?

    Sorry Andy, but after the 3rd person in this thread broke out a crayon and tried to explain things to me, and after you took their side and said that I needed to ask for a new feature, I thought it was necessary -some of them didn't even read my posts before responding, and they weren't trying to help but they were trying to start an argument...

    Edit: Next time I'll post my concerns in the bug thread -I was tired last night and missed it.
    My SmugMug Gallery

    Looking for tips on macro photography? Check out my Blog: No Cropping Zone.
  • ScalaScala Big grins Registered Users Posts: 95 Big grins
    edited October 1, 2006
    You shouldn't just pick a feature that works like it was designed and documented, decide that you don't like it and call it a bug.

    The fact that private galleries are accessible by direct URLs is a very good feature. Makes it simple to show proofs to clients but not to everyone who visits my site.

    The fact that people interpret the word "private" differently and assume things without checking the documentation is a problem of sorts for Smugmug. People are not necessarily getting what they think they are. This is why jfriend has suggested calling the feature "unlisted" instead.

    The "flaunt your photos" page is just an added convenience to get the image links. Since you're adept in web technologies, you probably don't need it.
    My smugmug site: www.majakorpi.net
  • DalantechDalantech No cropping zone... Registered Users Posts: 1,519 Major grins
    edited October 1, 2006
    Scala wrote:
    The fact that private galleries are accessible by direct URLs is a very good feature. Makes it simple to show proofs to clients but not to everyone who visits my site.

    That's what password protecting a gallery is for -so you can give clients the password to their gallery... *sigh*
    Scala wrote:
    The fact that people interpret the word "private" differently and assume things without checking the documentation is a problem of sorts for Smugmug. People are not necessarily getting what they think they are. This is why jfriend has suggested calling the feature "unlisted" instead.

    Edit: *sigh* I made a comment here, but out of respect for Andy I'm gonna let it go...
    Scala wrote:
    The "flaunt your photos" page is just an added convenience to get the image links. Since you're adept in web technologies, you probably don't need it.

    Actually I use it all the time -it's a very convenient short cut. But I don't think that the entire planet deserves access to a feature that I pay for...
    My SmugMug Gallery

    Looking for tips on macro photography? Check out my Blog: No Cropping Zone.
  • BeachBillBeachBill Hurry up and wait Registered Users Posts: 1,311 Major grins
    edited October 2, 2006
    I would like to apologize for any offence that you perceived. We genuinely were not trying to offend you or argue with you, that was not our intent. DGrin is a peer support site and we were all just trying to clarify how the "public: no" gallery option actually works because it unfortunately was never designed to make a gallery completely private and non-accessible by the general public. It is a misnomer to call it public/private; it should really be called "unlisted" which means "do not include this gallery in any category, search or gallery listings".

    I see that you want true private galleries where only the owner of the site can see them. That is an excellent enhancement request that I would like to see as well. I have set up several galleries ahead of time, some as placeholders to remind me that I want to post certain photos and some galleries that I am currently building. Both of these would be good candidates for truly private galleries.

    Your next request for the "share photos" link to always be visible to the site owner is something many of us would like to see as well. Many of us have asked for exactly the same functionality for the "original" photo link. It would be extremely useful if both the "share photos" and "original" links would always be displayed for the site owner.

    See this post and this post for similar requests in the feature request thread. Please add your "me too" to the enhancement request thread so smugmug can have a documented count of the number of users that want this feature.

    Finally, I believe all who replied to your inquiry do have scripting experience and I'm not sure why you assumed none of us does. I'm a software engineer and personally design and develop sites/applications similar to smugmug and have been doing so for over 10 years.
    Bill Gerrard Photography - Facebook - Interview - SmugRoom: Useful Tools for SmugMug
Sign In or Register to comment.