Options
Bogus Site-wide Customization login prompt
micknewton
Registered Users Posts: 269 Major grins
Since yesterday, when ever I click the 'Site-wide Customization' link on my control panel I get sent to the login page, even though I'm already logged in.
This extra login prompt is totally unnecessary because you shouldn't even be able to see the control panel unless you're already logged in.
This extra login prompt is totally unnecessary because you shouldn't even be able to see the control panel unless you're already logged in.
0
Comments
My Website index | My Blog
Since you seem to have set your SmugMug account to keep you logged in even when you close your browser, it's not true that you have to know the password for the account to see the control panel. What about if you're not at your computer? Anyone else could open the browser, go to your SmugMug site, click on control panel and screw around with your customizations.
That's why for sensitive account settings, like changing your email address or password you always had to login again if you hadn't authenificated yourself for this browser session. It seems as if this security precaution was expanded to include the customizations as well. If you haven't logged in yet since you opened the browser, you would have to authentificate yourself by entering your login. After having logged in once, you can go back to the customizations unless you close your browser and re-open it.
I hope this explains things.
Sebastian
SmugMug Support Hero
Now, when I click the customize link (now called "Site-wide Customization") I get sent to the login page. I don't know why, but it often takes a long time for the login page to load. That's the major reason that I choose the option to stay logged in when I close the browser.
So, now I have to wait for the login page to load, log in, then click the link to take me to my customize page, then wait for the customize page to load.
This is stupid because I'm already logged in as soon as I hit my home page. Yes, it only makes me login when I first open my browser, but it's annoying to have to go through all this when I'm already logged in. If I were worried about someone getting into my customize page and messing things up, then I would select the option to log out when I close my browser.
This just started a couple of days ago from today OCT 21, 2008 Sunday.
Freddie
fdjphoto.smugmug.com
Portfolio • Workshops • Facebook • Twitter
Sorry - we recently made cobrand.mg more secure. It's for everyone's benefit
Portfolio • Workshops • Facebook • Twitter
It was only a simple example I used. We have added this security precaution to prevent your customizations from being changed by other people. Since you didn't have to authentificate yourself in the past with your login and password, it was theoretically possible that the request to change your customizations coming via a non-secured connection could have been intercepted by hackers. That would have enabled them to simply change your site customizations without having to know your login data. Now, this isn't possible anymore since they would have to get themselves authentificated first before being able to make any changes.
I understand that this is another step that you need to take, but it's a security step that is necessary to ensure the safety of your site. Please understand that protecting the safety of your site is more important to us than this in comparison very small additional step.
If you have any further questions, let us know.
Sebastian
SmugMug Support Hero
No need to answer that. I'm just being facetious. Like the patriot act, I don't like it, but I guess I'll have to live with it.
Portfolio • Workshops • Facebook • Twitter