Hi there,
The only thing you can do currently is to uncheck "show in gallery" and "allow featuring" when uploading your photos, which will prevent them from being linked to in any publicly accessible place, and will tell search engines not to index the photo page. You can insert such photos into your blog as usual.
The photos and photo pages themselves _would_ still be accessible without a password though, so someone who has access to your blog could link directly to one of your photos, and that link would work for everyone.
Basically as Sander says, though I'm pretty sure the photo pages (as in 'gallery') would not be existent. I should add that the chance of this happening is pretty small unless that person has access to your blog (so they'd need the password from you). Even then, most blog readers are not the kind that then go out and link to photos elsewhere, but it is of course a possibility.
Sander, is it technically possible to block off the direct link to www.site.com/xxx.jpg for example?
Hope that helps!
Basically as Sander says, though I'm pretty sure the photo pages (as in 'gallery') would not be existent.
No gallery would exists which shows the photo, but you can open a stream page for the photoid, and that would show the photo and work. (I tested this before.) This'd also mean that if someone was hypothetically browsing all photos (by just incrementing the photoid), they would eventually come across such otherwise "private" photos. It's unlikely, but certainly technically possible.
Sander, is it technically possible to block off the direct link to www.site.com/xxx.jpg for example?
Pretty hard to do that in a way which scales. They're static files, so don't go through coldfusion. You could change that (and then do checks in the session of the visitor if they can access the blog (though there's of course not quite a 1-to-1 mapping between blog and user)), but that'd create a huge performance bottleneck.
We could add various "make my photos private" features which would obfuscate photo urls, but that still wouldn't stop sharing.
Probably the most workable actual solution would be a combination of both, putting photos which are marked as private in a completely different database table and directory from those which aren't, with some kind of hash in the URL to make them non-guessable, and having access to everything in that directory require a session token (different per user who chose to make photos private). Quite an undertaking...
[ 25-May-2011, at 12:05 by Sander ]
Interesting re stream view... I never realized that!
I thought it would be complex to block off image urls like that. I think we'll put that on the "not any time soon" pile
Cool thanks heaps!
0 Response to "Photo safety on travellers point"
Post a Comment